Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-23794

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-16 Jan, 2025 | 20:07
Updated At-17 Jan, 2025 | 19:09
Rejected At-
Credits

WordPress wp_amaps Plugin <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rccoder wp_amaps allows Stored XSS.This issue affects wp_amaps: from n/a through 1.7.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:16 Jan, 2025 | 20:07
Updated At:17 Jan, 2025 | 19:09
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress wp_amaps Plugin <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rccoder wp_amaps allows Stored XSS.This issue affects wp_amaps: from n/a through 1.7.

Affected Products
Vendor
rccoder
Product
wp_amaps
Collection URL
https://wordpress.org/plugins
Package Name
wp-amaps
Default Status
unaffected
Versions
Affected
  • From n/a through 1.7 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-592CAPEC-592 Stored XSS
CAPEC ID: CAPEC-592
Description: CAPEC-592 Stored XSS
Solutions
Configurations
Workarounds
Exploits
Credits
finder
0xd4rk5id3 (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/wp-amaps/vulnerability/wordpress-wp-amaps-plugin-1-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/plugin/wp-amaps/vulnerability/wordpress-wp-amaps-plugin-1-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:16 Jan, 2025 | 21:15
Updated At:16 Jan, 2025 | 21:15

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rccoder wp_amaps allows Stored XSS.This issue affects wp_amaps: from n/a through 1.7.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-79Primaryaudit@patchstack.com
CWE ID: CWE-79
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/plugin/wp-amaps/vulnerability/wordpress-wp-amaps-plugin-1-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/wordpress/plugin/wp-amaps/vulnerability/wordpress-wp-amaps-plugin-1-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2523Records found
CVE-2025-22689
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.86%
||
7 Day CHG~0.00%
Published-16 Feb, 2025 | 22:17
Updated-18 Feb, 2025 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Forex Calculators plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Levan Tarbor Forex Calculators allows Stored XSS. This issue affects Forex Calculators: from n/a through 1.3.6.

Action-Not Available
Vendor-Levan Tarbor
Product-Forex Calculators
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22817
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.32%
||
7 Day CHG+0.09%
Published-09 Jan, 2025 | 15:39
Updated-10 Jan, 2025 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BP Profile Shortcodes Extra plugin <= 2.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Venutius BP Profile Shortcodes Extra allows Stored XSS.This issue affects BP Profile Shortcodes Extra: from n/a through 2.6.0.

Action-Not Available
Vendor-Venutius
Product-BP Profile Shortcodes Extra
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-22310
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 20.32%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 16:46
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Formzu WP Plugin <= 1.6.7 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Formzu Inc. Formzu WP allows Stored XSS.This issue affects Formzu WP: from n/a through 1.6.7.

Action-Not Available
Vendor-formzuFormzu Inc.
Product-formzu_wpFormzu WP
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22354
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.78%
||
7 Day CHG+0.04%
Published-07 Jan, 2025 | 16:52
Updated-07 Jan, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Digi Store theme <= 1.1.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Code Themes Digi Store allows DOM-Based XSS.This issue affects Digi Store: from n/a through 1.1.4.

Action-Not Available
Vendor-Code Themes
Product-Digi Store
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22825
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.86%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 13:57
Updated-12 Feb, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Flexible PDF Coupons plugin < 1.10.3 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Desk Flexible PDF Coupons allows Stored XSS. This issue affects Flexible PDF Coupons: from n/a through n/a.

Action-Not Available
Vendor-WP Desk
Product-Flexible PDF Coupons
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22797
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.86%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 15:23
Updated-15 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gallery and Lightbox plugin <= 1.0.14 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oğulcan Özügenç Gallery and Lightbox allows Stored XSS.This issue affects Gallery and Lightbox: from n/a through 1.0.14.

Action-Not Available
Vendor-Oğulcan Özügenç
Product-Gallery and Lightbox
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22718
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.86%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 13:57
Updated-12 Feb, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FAT Event Lite plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roninwp FAT Event Lite allows Stored XSS. This issue affects FAT Event Lite: from n/a through 1.1.

Action-Not Available
Vendor-Roninwp
Product-FAT Event Lite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-23514
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 24.95%
||
7 Day CHG~0.00%
Published-10 Feb, 2024 | 08:16
Updated-01 Aug, 2024 | 23:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Click To Tweet Plugin <= 2.0.14 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ClickToTweet.Com Click To Tweet allows Stored XSS.This issue affects Click To Tweet: from n/a through 2.0.14.

Action-Not Available
Vendor-clicktotweetClickToTweet.com
Product-click_to_tweetClick To Tweet
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22261
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.96%
||
7 Day CHG-0.02%
Published-07 Jan, 2025 | 10:49
Updated-26 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP FullCalendar plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pixelite WP FullCalendar wp-fullcalendar allows Stored XSS.This issue affects WP FullCalendar: from n/a through 1.5.

Action-Not Available
Vendor-Pixelite
Product-WP FullCalendar
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-23502
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 15:26
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Posts List Designer by Category – List Category Posts Or Recent Posts Plugin <= 3.3.2 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in InfornWeb Posts List Designer by Category – List Category Posts Or Recent Posts allows Stored XSS.This issue affects Posts List Designer by Category – List Category Posts Or Recent Posts: from n/a through 3.3.2.

Action-Not Available
Vendor-infornwebInfornWeb
Product-posts_list_designer_by_categoryPosts List Designer by Category – List Category Posts Or Recent Posts
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22742
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.86%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 15:23
Updated-15 Jan, 2025 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP ViewSTL plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in falldeaf WP ViewSTL allows DOM-Based XSS.This issue affects WP ViewSTL: from n/a through 1.0.

Action-Not Available
Vendor-falldeaf
Product-WP ViewSTL
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-22411
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-5.77% / 90.31%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 21:57
Updated-02 Jun, 2025 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross site scripting in Action messages on Avo

Avo is a framework to create admin panels for Ruby on Rails apps. In Avo 3 pre12, any HTML inside text that is passed to `error` or `succeed` in an `Avo::BaseAction` subclass will be rendered directly without sanitization in the toast/notification that appears in the UI on Action completion. A malicious user could exploit this vulnerability to trigger a cross site scripting attack on an unsuspecting user. This issue has been addressed in the 3.3.0 and 2.47.0 releases of Avo. Users are advised to upgrade.

Action-Not Available
Vendor-avohqavo-hq
Product-avoavo
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-23505
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 20.32%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 15:23
Updated-23 May, 2025 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PDF Viewer & 3D PDF Flipbook – DearPDF Plugin <= 2.0.38 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DearHive PDF Viewer & 3D PDF Flipbook – DearPDF allows Stored XSS.This issue affects PDF Viewer & 3D PDF Flipbook – DearPDF: from n/a through 2.0.38.

Action-Not Available
Vendor-dearhiveDearHive
Product-dearpdfPDF Viewer & 3D PDF Flipbook – DearPDF
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-1250
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.56%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 20:11
Updated-12 Nov, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Data Center Network Manager Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-data_center_network_managerCisco Data Center Network Manager
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-1253
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.56%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 20:10
Updated-12 Nov, 2024 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Data Center Network Manager Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-data_center_network_managerCisco Data Center Network Manager
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-1249
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.56%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 20:11
Updated-12 Nov, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Data Center Network Manager Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-data_center_network_managerCisco Data Center Network Manager
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-23511
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.13%
||
7 Day CHG~0.00%
Published-05 Jan, 2026 | 13:33
Updated-20 Jan, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress The Plus Addons for Elementor plugin <= 5.3.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows DOM-Based XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.3.3.

Action-Not Available
Vendor-POSIMYTH
Product-The Plus Addons for Elementor Page Builder Lite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-23517
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.29%
||
7 Day CHG~0.00%
Published-10 Feb, 2024 | 08:08
Updated-01 Aug, 2024 | 23:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Scheduling Plugin – Online Booking for WordPress Plugin <= 3.5.10 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Start Booking Scheduling Plugin – Online Booking for WordPress allows Stored XSS.This issue affects Scheduling Plugin – Online Booking for WordPress: from n/a through 3.5.10.

Action-Not Available
Vendor-startbookingStart Booking
Product-scheduling_pluginScheduling Plugin – Online Booking for WordPress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-22414
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 42.02%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 20:25
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
User profile page vulnerable to Cross Site Scripting (XSS) in flaskBlog

flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the `/user/<user>` page allows a user's comments to execute arbitrary javascript code. The html template `user.html` contains the following code snippet to render comments made by a user: `<div class="content" tag="content">{{comment[2]|safe}}</div>`. Use of the "safe" tag causes flask to _not_ escape the rendered content. To remediate this, simply remove the `|safe` tag from the HTML above. No fix is is available and users are advised to manually edit their installation.

Action-Not Available
Vendor-dogukanurkerDogukanUrker
Product-flaskblogflaskBlog
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51892
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 52.46%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 16:31
Updated-20 Nov, 2024 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sell Media File with Stripe plugin <= 1.0.6 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in naa986 Sell Media File with Stripe allows Stored XSS.This issue affects Sell Media File with Stripe: from n/a through 1.0.6.

Action-Not Available
Vendor-naa986
Product-Sell Media File with Stripe
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-23516
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 24.95%
||
7 Day CHG~0.00%
Published-10 Feb, 2024 | 08:11
Updated-01 Aug, 2024 | 23:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CC BMI Calculator Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Calculators World CC BMI Calculator allows Stored XSS.This issue affects CC BMI Calculator: from n/a through 2.0.1.

Action-Not Available
Vendor-calculatorsworldCalculators World
Product-cc_bmi_calculatorCC BMI Calculator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-22158
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.07%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 18:15
Updated-15 May, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PeepSo Core: Photos Plugin < 6.3.1.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles allows Stored XSS.This issue affects Community by PeepSo – Social Network, Membership, Registration, User Profiles: from n/a before 6.3.1.0.

Action-Not Available
Vendor-peepsoPeepSo
Product-peepsoCommunity by PeepSo – Social Network, Membership, Registration, User Profiles
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-22146
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.07%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 18:24
Updated-01 Aug, 2024 | 22:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Schema & Structured Data for WP & AMP Plugin <= 1.25 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.25.

Action-Not Available
Vendor-Mohammed & Ahmed Kaludi (Magazine3)
Product-schema_\&_structured_data_for_wp_\&_ampSchema & Structured Data for WP & AMP
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-22150
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.07%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 18:18
Updated-01 Aug, 2024 | 22:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post Grid, Image Gallery & Portfolio for Elementor | PowerFolio Plugin <= 3.1 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PWR Plugins Portfolio & Image Gallery for WordPress | PowerFolio allows Stored XSS.This issue affects Portfolio & Image Gallery for WordPress | PowerFolio: from n/a through 3.1.

Action-Not Available
Vendor-pwrpluginsPWR Plugins
Product-powerfolioPortfolio & Image Gallery for WordPress | PowerFolio
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-22292
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 20.32%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 17:36
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP To Do Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Delower WP To Do allows Stored XSS.This issue affects WP To Do: from n/a through 1.2.8.

Action-Not Available
Vendor-delowerDelower
Product-wp_to_doWP To Do
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-22137
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.07%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 23:20
Updated-17 Jun, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Constant Contact Forms by MailMunch Plugin <= 2.0.11 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch Constant Contact Forms by MailMunch allows Stored XSS.This issue affects Constant Contact Forms by MailMunch: from n/a through 2.0.11.

Action-Not Available
Vendor-mailmunchMailMunch
Product-constant_contact_formsConstant Contact Forms by MailMunch
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-22302
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.07%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 16:55
Updated-23 May, 2025 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Albo Pretorio Online Plugin <= 4.6.6 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ignazio Scimone Albo Pretorio On line allows Stored XSS.This issue affects Albo Pretorio On line: from n/a through 4.6.6.

Action-Not Available
Vendor-albo_pretorio_on_line_projectIgnazio Scimone
Product-albo_pretorio_on_lineAlbo Pretorio On line
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-24374
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 33.05%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 13:33
Updated-19 Feb, 2025 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Material Design Icons for Page Builders Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Photon WP Material Design Icons for Page Builders plugin <= 1.4.2 versions.

Action-Not Available
Vendor-material_design_icons_for_page_builders_projectPhoton WP
Product-material_design_icons_for_page_buildersMaterial Design Icons for Page Builders
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-12163
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.39%
||
7 Day CHG~0.00%
Published-30 Jan, 2025 | 06:00
Updated-09 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GoodLayers Core < 2.1.3 - Subscriber+ Stored XSS via SVG Upload

The goodlayers-core WordPress plugin before 2.1.3 allows users with a subscriber role and above to upload SVGs containing malicious payloads.

Action-Not Available
Vendor-goodlayersUnknown
Product-goodlayers_coregoodlayers-core
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-7590
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 35.89%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 21:47
Updated-01 Mar, 2025 | 02:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Spectra – WordPress Gutenberg Blocks plugin<= 2.14.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Spectra allows Stored XSS.This issue affects Spectra: from n/a through 2.14.1.

Action-Not Available
Vendor-Brainstorm Force
Product-spectraSpectra
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23820
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.87%
||
7 Day CHG~0.00%
Published-03 May, 2023 | 12:39
Updated-09 Jan, 2025 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ProfilePress Plugin <= 4.5.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.4 versions.

Action-Not Available
Vendor-properfractionProfilePress Membership Team
Product-profilepressProfilePress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-67555
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.87%
||
7 Day CHG+0.01%
Published-09 Dec, 2025 | 14:14
Updated-20 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress UseStrict's Calendly Embedder plugin <= 1.1.7.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in useStrict UseStrict&#039;s Calendly Embedder cal-embedder-lite allows Stored XSS.This issue affects UseStrict&#039;s Calendly Embedder: from n/a through <= 1.1.7.2.

Action-Not Available
Vendor-useStrict
Product-UseStrict&#039;s Calendly Embedder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-10631
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.75%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 20:06
Updated-09 Jun, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Countdown Timer <= 1.0.5 - Contributor+ Stored XSS

The Countdown Timer for WordPress Block Editor WordPress plugin through 1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Action-Not Available
Vendor-flickdevsUnknown
Product-countdown_timer_for_wordpress_block_editorCountdown Timer for WordPress Block Editor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-64220
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.87%
||
7 Day CHG~0.00%
Published-29 Oct, 2025 | 08:38
Updated-20 Jan, 2026 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rey Core plugin <= 3.1.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReyCommerce Rey Core rey-core allows Stored XSS.This issue affects Rey Core: from n/a through <= 3.1.8.

Action-Not Available
Vendor-ReyCommerce
Product-Rey Core
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-24958
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 9.81%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 14:08
Updated-03 Feb, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JetElements For Elementor plugin <= 2.7.12.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.12.2.

Action-Not Available
Vendor-Crocoblock
Product-JetElements For Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-6138
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.21%
||
7 Day CHG~0.00%
Published-11 Jul, 2024 | 06:00
Updated-01 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Secure Copy Content Protection < 4.0.9 - Admin+ Stored XSS

The Secure Copy Content Protection and Content Locking WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Action-Not Available
Vendor-UnknownAYS Pro Extensions
Product-secure_copy_content_protection_and_content_lockingSecure Copy Content Protection and Content Lockingsecure_copy_content_protection_and_content_locking
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56021
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 30.00%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 23:08
Updated-02 Jan, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Category Post Shortcode Plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ibnuyahya Category Post Shortcode allows Stored XSS.This issue affects Category Post Shortcode: from n/a through 2.4.

Action-Not Available
Vendor-ibnuyahya
Product-Category Post Shortcode
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-6052
Matching Score-4
Assigner-Checkmk GmbH
ShareView Details
Matching Score-4
Assigner-Checkmk GmbH
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 51.42%
||
7 Day CHG~0.00%
Published-03 Jul, 2024 | 14:30
Updated-16 Sep, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XSS in SQL check parameters

Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements

Action-Not Available
Vendor-Checkmk GmbH
Product-checkmkCheckmk
CWE ID-CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-58864
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.19%
||
7 Day CHG~0.00%
Published-05 Sep, 2025 | 13:45
Updated-05 Sep, 2025 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 金数据 Plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iamroody 金数据 allows Stored XSS. This issue affects 金数据: from n/a through 1.0.

Action-Not Available
Vendor-iamroody
Product-金数据
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-51690
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.74%
||
7 Day CHG~0.00%
Published-01 Feb, 2024 | 10:55
Updated-02 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced iFrame Plugin <= 2023.8 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2023.8.

Action-Not Available
Vendor-tinywebgalleryAdvanced iFrame
Product-advanced_iframeAdvanced iFrame
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-52193
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.07%
||
7 Day CHG~0.00%
Published-01 Feb, 2024 | 09:49
Updated-02 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Page Builder: Live Composer Plugin <= 1.5.23 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Live Composer Team Page Builder: Live Composer allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through 1.5.23.

Action-Not Available
Vendor-livecomposerpluginLive Composer Team
Product-live-composer-page-builderPage Builder: Live Composer
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-52228
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.70%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 05:54
Updated-06 Aug, 2024 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Beds24 Online Booking plugin <= 2.0.24 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS.This issue affects Beds24 Online Booking: from n/a through 2.0.24.

Action-Not Available
Vendor-Mark Kinchin
Product-Beds24 Online Booking
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-52178
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.07%
||
7 Day CHG~0.00%
Published-05 Jan, 2024 | 07:51
Updated-14 Nov, 2024 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Affiliate Disclosure Plugin <= 1.2.7 is vulnerable to Cross-Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MojofyWP WP Affiliate Disclosure allows Stored XSS.This issue affects WP Affiliate Disclosure: from n/a through 1.2.7.

Action-Not Available
Vendor-mojofywpMojofyWP
Product-wp_affiliate_disclosureWP Affiliate Disclosure
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-51684
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 20.32%
||
7 Day CHG~0.00%
Published-01 Feb, 2024 | 10:34
Updated-07 Feb, 2025 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Digital Downloads Plugin <= 3.2.5 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Easy Digital Downloads Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) allows Stored XSS.This issue affects Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy): from n/a through 3.2.5.

Action-Not Available
Vendor-Sandhills Development, LLC (EasyDigitalDownloads)Awesome Motive Inc.
Product-easy_digital_downloadsEasy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-51689
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.07%
||
7 Day CHG~0.00%
Published-01 Feb, 2024 | 10:39
Updated-02 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Video Player Plugin <= 1.2.2.10 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in naa986 Easy Video Player allows Stored XSS.This issue affects Easy Video Player: from n/a through 1.2.2.10.

Action-Not Available
Vendor-noorspluginnaa986
Product-easy_video_playerEasy Video Player
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-52175
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.07%
||
7 Day CHG~0.00%
Published-01 Feb, 2024 | 10:05
Updated-02 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Auto Amazon Links Plugin <= 5.1.1 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Uno (miunosoft) Auto Amazon Links – Amazon Associates Affiliate Plugin allows Stored XSS.This issue affects Auto Amazon Links – Amazon Associates Affiliate Plugin: from n/a through 5.1.1.

Action-Not Available
Vendor-michaelunoMichael Uno (miunosoft)
Product-auto_amazon_linksAuto Amazon Links – Amazon Associates Affiliate Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-52198
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.40%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 20:20
Updated-17 Jun, 2025 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Private Google Calendars Plugin <= 20231125 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michiel van Eerd Private Google Calendars allows Stored XSS.This issue affects Private Google Calendars: from n/a through 20231125.

Action-Not Available
Vendor-michielvaneerdMichiel van Eerd
Product-private_google_calendarsPrivate Google Calendars
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-5741
Matching Score-4
Assigner-Checkmk GmbH
ShareView Details
Matching Score-4
Assigner-Checkmk GmbH
CVSS Score-6.5||MEDIUM
EPSS-0.43% / 62.49%
||
7 Day CHG~0.00%
Published-17 Jun, 2024 | 11:16
Updated-16 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XSS in inventory view

Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL)

Action-Not Available
Vendor-Checkmk GmbH
Product-checkmkCheckmk
CWE ID-CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-52194
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.07%
||
7 Day CHG~0.00%
Published-01 Feb, 2024 | 09:45
Updated-02 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress oEmbed Gist Plugin <= 4.9.1 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Takayuki Miyauchi oEmbed Gist allows Stored XSS.This issue affects oEmbed Gist: from n/a through 4.9.1.

Action-Not Available
Vendor-takayukimiyauchiTakayuki Miyauchi
Product-oembed_gistoEmbed Gist
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-51666
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.07%
||
7 Day CHG~0.00%
Published-01 Feb, 2024 | 10:16
Updated-02 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Related Post Plugin <= 2.0.53 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Related Post allows Stored XSS.This issue affects Related Post: from n/a through 2.0.53.

Action-Not Available
Vendor-pickpluginsPickPlugins
Product-related_postRelated Post
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 50
  • 51
  • Next
Details not found