ByteOS Network

Vulnerability Details :

CVE-2025-26895

Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3

Published At-15 Mar, 2025 | 21:57

Updated At-17 Mar, 2025 | 16:10

WordPress m1.DownloadList plugin <= 0.19 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in maennchen1.de m1.DownloadList allows DOM-Based XSS. This issue affects m1.DownloadList: from n/a through 0.19.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Patchstack

Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3

Published At:15 Mar, 2025 | 21:57

Updated At:17 Mar, 2025 | 16:10

▼CVE Numbering Authority (CNA)

WordPress m1.DownloadList plugin <= 0.19 - Cross Site Scripting (XSS) vulnerability

Affected Products

Vendor

maennchen1.de

Product

m1.DownloadList

Collection URL

https://wordpress.org/plugins

Package Name

m1downloadlist

Default Status

unaffected

Versions

Affected

From n/a through 0.19 (custom)
- -> unaffectedfrom0.20

Problem Types

Type	CWE ID	Description
CWE	CWE-79	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Type: CWE

CWE ID: CWE-79

Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Metrics

Version	Base score	Base severity	Vector
3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Impacts

CAPEC ID	Description
CAPEC-588	CAPEC-588 DOM-Based XSS

CAPEC ID: CAPEC-588

Description: CAPEC-588 DOM-Based XSS

Solutions

Update the WordPress m1.DownloadList wordpress plugin to the latest available version (at least 0.20).

Credits

finder

muhammad yudha (Patchstack Alliance)

References

Hyperlink	Resource
https://patchstack.com/database/wordpress/plugin/m1downloadlist/vulnerability/wordpress-m1-downloadlist-plugin-0-19-cross-site-scripting-xss-vulnerability?_s_id=cve	vdb-entry

Hyperlink: https://patchstack.com/database/wordpress/plugin/m1downloadlist/vulnerability/wordpress-m1-downloadlist-plugin-0-19-cross-site-scripting-xss-vulnerability?_s_id=cve

Resource:

vdb-entry

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:audit@patchstack.com

Published At:15 Mar, 2025 | 22:15

Updated At:15 Mar, 2025 | 22:15

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	audit@patchstack.com

CWE ID: CWE-79

Type: Primary

Source: audit@patchstack.com

References

Hyperlink	Source	Resource
https://patchstack.com/database/wordpress/plugin/m1downloadlist/vulnerability/wordpress-m1-downloadlist-plugin-0-19-cross-site-scripting-xss-vulnerability?_s_id=cve	audit@patchstack.com	N/A

Hyperlink: https://patchstack.com/database/wordpress/plugin/m1downloadlist/vulnerability/wordpress-m1-downloadlist-plugin-0-19-cross-site-scripting-xss-vulnerability?_s_id=cve

Source: audit@patchstack.com

Resource: N/A

Similar CVEs

2525Records found

CVE-2023-23681

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 27.11%

7 Day CHG~0.00%

Published-30 Mar, 2023 | 11:06

Updated-10 Jan, 2025 | 19:12

WordPress Image Hover Effects For WPBakery Page Builder Plugin <= 4.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Labib Ahmed Image Hover Effects For WPBakery Page Builder plugin <= 4.0 versions.

Vendor-webdevocean Labib Ahmed

Product-image_hover_effects_for_wpbakery_page_builder Image Hover Effects For WPBakery Page Builder

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23977

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 27.11%

7 Day CHG~0.00%

Published-04 Apr, 2023 | 12:56

Updated-19 Feb, 2025 | 21:35

WordPress Heateor Social Comments Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Team Heateor WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments plugin <= 1.6.1 versions.

Vendor-Heateor

Product-social_comments WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23676

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 26.92%

7 Day CHG~0.00%

Published-16 May, 2023 | 08:35

Updated-09 Jan, 2025 | 15:15

WordPress File Gallery Plugin <= 1.8.5.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bruno "Aesqe" Babic File Gallery plugin <= 1.8.5.3 versions.

Vendor-file_gallery_project Bruno "Aesqe" Babic

Product-file_gallery File Gallery

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23877

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.02%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 11:31

Updated-25 Sep, 2024 | 16:45

WordPress Pinterest RSS Widget Plugin <= 2.3.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in bkmacdaddy designs Pinterest RSS Widget plugin <= 2.3.1 versions.

Vendor-bkmacdaddy bkmacdaddy designs

Product-pinterest_rss_widget Pinterest RSS Widget

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23815

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 27.11%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 04:58

Updated-10 Jan, 2025 | 19:11

WordPress Multi-column Tag Map Plugin <= 17.0.24 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Alan Jackson Multi-column Tag Map plugin <= 17.0.24 versions.

Vendor-Multi-Column Tag Map

Product-multi-column_tag_map Multi-column Tag Map

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23641

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 26.92%

7 Day CHG~0.00%

Published-16 May, 2023 | 09:18

Updated-10 Oct, 2024 | 18:57

WordPress Uji Popup Plugin <= 1.4.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPmanage Uji Popup plugin <= 1.4.3 versions.

Vendor-wpmanage WPmanage

Product-uji_popup Uji Popup

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23701

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 26.92%

7 Day CHG~0.00%

Published-10 May, 2023 | 07:58

Updated-09 Jan, 2025 | 15:20

WordPress Easy Sign Up Plugin <= 3.4.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Andrew @ Geeenville Web Design Easy Sign Up plugin <= 3.4.1 versions.

Vendor-web_design_easy_sign_up_project Andrew @ Geeenville Web Design

Product-web_design_easy_sign_up Easy Sign Up

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23876

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 26.92%

7 Day CHG~0.00%

Published-03 May, 2023 | 13:12

Updated-09 Jan, 2025 | 15:31

WordPress wpDataTables Plugin <= 2.1.49 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TMS-Plugins wpDataTables plugin <= 2.1.49 versions.

Vendor-tms-outsource TMS-Plugins

Product-wpdatatables wpDataTables

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23873

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 26.92%

7 Day CHG~0.00%

Published-10 May, 2023 | 08:35

Updated-02 Aug, 2024 | 13:41

WordPress BBSpoiler Plugin <= 2.01 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Flector BBSpoiler plugin <= 2.01 versions.

Vendor-bbspoiler_project Flector

Product-bbspoiler BBSpoiler

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23686

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 27.11%

7 Day CHG~0.00%

Published-04 Apr, 2023 | 11:26

Updated-10 Jan, 2025 | 19:11

WordPress Simple Staff List Plugin <= 2.2.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin <= 2.2.2 versions.

Vendor-simple_staff_list_project Brett Shumaker

Product-simple_staff_list Simple Staff List

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23826

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.02%

7 Day CHG~0.00%

Published-10 Aug, 2023 | 09:06

Updated-25 Sep, 2024 | 16:47

WordPress Add Posts to Pages Plugin <= 1.4.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Arsham Mirshah Add Posts to Pages plugin <= 1.4.1 versions.

Vendor-webmechanix Arsham Mirshah

Product-add_posts_to_pages Add Posts to Pages

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24393

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.02%

7 Day CHG~0.00%

Published-10 Aug, 2023 | 12:32

Updated-25 Sep, 2024 | 15:03

WordPress Animated Number Counters Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Animated Number Counters plugin <= 1.6 versions.

Vendor-wpmart Sk. Abul Hasan

Product-animated_number_counters Animated Number Counters

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23862

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 26.92%

7 Day CHG~0.00%

Published-09 May, 2023 | 10:11

Updated-09 Jan, 2025 | 15:23

WordPress Vertical scroll recent post Plugin <= 14.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Vertical scroll recent post plugin <= 14.0 versions.

Vendor-vertical_scroll_recent_post_project Gopi Ramasamy

Product-vertical_scroll_recent_post Vertical scroll recent post

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23999

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 26.92%

7 Day CHG~0.00%

Published-18 May, 2023 | 10:14

Updated-09 Jan, 2025 | 15:13

WordPress Google Analytics by Monster Insights Plugin <= 8.14.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in MonsterInsights plugin <= 8.14.0 versions.

Vendor-MonsterInsights, LLC

Product-google_analytics_dashboard MonsterInsights

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23867

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 26.92%

7 Day CHG~0.00%

Published-12 May, 2023 | 14:39

Updated-09 Jan, 2025 | 15:17

WordPress Button Builder – Buttons X Plugin <= 0.8.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gautam Thapar Button Builder – Buttons X plugin <= 0.8.6 versions.

Vendor-buttons_x_project Gautam Thapar

Product-buttons_x Button Builder – Buttons X

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23880

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.02%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 11:23

Updated-25 Sep, 2024 | 16:45

WordPress ExactMetrics Plugin <= 7.14.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExactMetrics plugin <= 7.14.1 versions.

Vendor-ExactMetrics MonsterInsights, LLC

Product-exactmetrics ExactMetrics

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23885

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 27.11%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 11:46

Updated-10 Jan, 2025 | 18:58

WordPress Quick Contact Form Plugin <= 8.0.3.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Contact Form plugin <= 8.0.3.1 versions.

Vendor-fullworksplugins Fullworks

Product-quick_contact_form Quick Contact Form

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23650

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 27.11%

7 Day CHG~0.00%

Published-23 Mar, 2023 | 12:40

Updated-10 Jan, 2025 | 19:17

WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in MainWP MainWP Code Snippets Extension plugin <= 4.0.2 versions.

Vendor-mainwp MainWP

Product-code_snippets_extension MainWP Code Snippets Extension

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23667

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 26.92%

7 Day CHG~0.00%

Published-18 May, 2023 | 10:21

Updated-10 Oct, 2024 | 18:57

WordPress Brands for WooCommerce Plugin <= 3.7.0.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in BeRocket Brands for WooCommerce plugin <= 3.7.0.6 versions.

Vendor-berocket BeRocket

Product-brands_for_woocommerce Brands for WooCommerce

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23874

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 26.92%

7 Day CHG~0.00%

Published-03 May, 2023 | 13:05

Updated-09 Jan, 2025 | 15:31

WordPress Ditty Plugin <= 3.0.32 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Metaphor Creations Ditty plugin <= 3.0.32 versions.

Vendor-metaphorcreations Metaphor Creations

Product-ditty Ditty

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23832

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 27.11%

7 Day CHG~0.00%

Published-23 Apr, 2023 | 10:06

Updated-10 Jan, 2025 | 18:46

WordPress Ultimate WP Query Search Filter Plugin <= 1.0.10 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in TC Ultimate WP Query Search Filter plugin <= 1.0.10 versions.

Vendor-ultimate_wp_query_search_filter_project TC

Product-ultimate_wp_query_search_filter Ultimate WP Query Search Filter

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24400

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.13% / 32.84%

7 Day CHG~0.00%

Published-06 May, 2023 | 23:03

Updated-09 Jan, 2025 | 15:26

WordPress Cookie Notice & Compliance for GDPR / CCPA Plugin <= 2.4.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Hu-manity.Co Cookie Notice & Compliance for GDPR / CCPA plugin <= 2.4.6 versions.

Vendor-hu-manity Hu-manity.co

Product-cookie_notice_\&_compliance_for_gdpr_\/_ccpa Cookie Notice & Compliance for GDPR / CCPA

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24003

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 27.11%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 08:09

Updated-19 Feb, 2025 | 21:35

WordPress WP Popups Plugin <= 2.1.4.8 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Timersys WP Popups – WordPress Popup plugin <= 2.1.4.8 versions.

Vendor-timersys Timersys

Product-wp_popups WP Popups – WordPress Popup builder

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23831

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.07% / 20.27%

7 Day CHG~0.00%

Published-13 Jun, 2023 | 13:40

Updated-02 Aug, 2024 | 13:40

WordPress Rating Widget Plugin <= 3.1.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rating-Widget Rating-Widget: Star Review System plugin <= 3.1.9 versions.

Vendor-rating-widget Rating-Widget

Product-ratingwidget Rating-Widget: Star Review System

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23889

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 27.11%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 19:24

Updated-09 Jan, 2025 | 15:33

WordPress Quick Paypal Payments Plugin <= 5.7.25 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.

Vendor-fullworksplugins Fullworks

Product-quick_paypal_payments Quick Paypal Payments

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23703

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 26.92%

7 Day CHG~0.00%

Published-16 May, 2023 | 09:50

Updated-09 Jan, 2025 | 15:14

WordPress Arconix Shortcodes Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Arconix Shortcodes plugin <= 2.1.7 versions.

Vendor-tychesoftwares Tyche Softwares

Product-arconix_shortcodes Arconix Shortcodes

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24411

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.09% / 24.85%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 10:52

Updated-10 Jan, 2025 | 19:07

WordPress BNE Testimonials Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kerry Kline BNE Testimonials plugin <= 2.0.7 versions.

Vendor-bnecreative Kerry Kline

Product-bne_testimonials BNE Testimonials

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23717

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 27.11%

7 Day CHG~0.00%

Published-23 Apr, 2023 | 10:12

Updated-10 Jan, 2025 | 18:45

WordPress Portfolio Slideshow Plugin <= 1.13.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in George Gecewicz Portfolio Slideshow plugin <= 1.13.0 versions.

Vendor-portfolio_slideshow_project George Gecewicz

Product-portfolio_slideshow Portfolio Slideshow

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23894

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 26.92%

7 Day CHG~0.00%

Published-08 May, 2023 | 21:57

Updated-09 Jan, 2025 | 15:23

WordPress Surbma | GDPR Proof Cookie Consent & Notice Bar Plugin <= 17.5.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Surbma Surbma | GDPR Proof Cookie Consent & Notice Bar plugin <= 17.5.3 versions.

Vendor-surbma Surbma

Product-gdpr_proof_cookie_consent_\&_notice_bar Surbma | GDPR Proof Cookie Consent & Notice Bar

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23817

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 27.11%

7 Day CHG~0.00%

Published-23 Apr, 2023 | 10:27

Updated-10 Jan, 2025 | 18:45

WordPress Simple PDF Viewer Plugin <= 1.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (contrinbutor+) Cross-Site Scripting (XSS) vulnerability in WebArea | Vera Nedvyzhenko Simple PDF Viewer plugin <= 1.9 versions.

Vendor-simple_pdf_viewer_project WebArea | Vera Nedvyzhenko

Product-simple_pdf_viewer Simple PDF Viewer

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23670

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 27.11%

7 Day CHG~0.00%

Published-30 Mar, 2023 | 10:44

Updated-19 Feb, 2025 | 21:36

WordPress Fancy Comments WordPress Plugin <= 1.2.10 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Team Heateor Fancy Comments WordPress plugin <= 1.2.10 versions.

Vendor-Heateor

Product-fancy_comments Fancy Comments WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23798

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.02%

7 Day CHG~0.00%

Published-10 Aug, 2023 | 10:04

Updated-25 Sep, 2024 | 16:44

WordPress Layer Slider Plugin <= 1.1.9.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb Layer Slider plugin <= 1.1.9.7 versions.

Vendor-web-settler Muneeb

Product-layer_slider Layer Slider

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23668

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 26.92%

7 Day CHG~0.00%

Published-08 May, 2023 | 11:56

Updated-09 Jan, 2025 | 15:25

WordPress GiveWP Plugin <= 2.25.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in GiveWP plugin <= 2.25.1 versions.

Vendor-GiveWP

Product-givewp GiveWP

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23864

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 27.11%

7 Day CHG~0.00%

Published-23 Mar, 2023 | 12:44

Updated-10 Jan, 2025 | 19:17

WordPress Very Simple Google Maps Plugin <= 2.8.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Michael Aronoff Very Simple Google Maps plugin <= 2.8.4 versions.

Vendor-very_simple_google_maps_project Michael Aronoff

Product-very_simple_google_maps Very Simple Google Maps

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23833

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.07% / 20.27%

7 Day CHG~0.00%

Published-25 Jul, 2023 | 12:53

Updated-25 Sep, 2024 | 16:59

WordPress Drop Shadow Boxes Plugin <= 1.7.10 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Steven Henty Drop Shadow Boxes plugin <= 1.7.10 versions.

Vendor-drop_shadow_boxes_project Steven Henty

Product-drop_shadow_boxes Drop Shadow Boxes

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23709

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 26.92%

7 Day CHG~0.00%

Published-16 May, 2023 | 09:42

Updated-09 Jan, 2025 | 15:14

WordPress WPJAM Basic Plugin <= 6.2.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Denis WPJAM Basic plugin <= 6.2.1 versions.

Vendor-wpjam_basic_project Denis

Product-wpjam_basic WPJAM Basic

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23708

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 26.92%

7 Day CHG~0.00%

Published-03 May, 2023 | 12:27

Updated-19 Feb, 2025 | 21:32

WordPress Visualizer Plugin <= 3.9.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.4 versions.

Vendor-Themeisle Themeisle

Product-visualizer Visualizer: Tables and Charts Manager for WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24378

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.13% / 33.01%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 13:48

Updated-10 Jan, 2025 | 19:06

WordPress Glossary Plugin <= 2.1.27 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Codeat Glossary plugin <= 2.1.27 versions.

Vendor-codeat Codeat

Product-glossary Glossary

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24009

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.02%

7 Day CHG~0.00%

Published-10 Aug, 2023 | 10:14

Updated-25 Sep, 2024 | 16:44

WordPress Upfrontwp Theme <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (subscriber+) Reflected Cross-site Scripting (XSS) vulnerability in Wpazure Themes Upfrontwp theme <= 1.1 versions.

Vendor-wpazure Wpazure Themes

Product-upfrontwp Upfrontwp

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2026-24354

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.03% / 9.77%

7 Day CHG~0.00%

Published-22 Jan, 2026 | 16:52

Updated-27 Jan, 2026 | 21:16

WordPress Penci Shortcodes & Performance plugin <= 6.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Shortcodes & Performance penci-shortcodes allows DOM-Based XSS.This issue affects Penci Shortcodes & Performance: from n/a through <= 6.1.

Vendor-PenciDesign

Product-Penci Shortcodes & Performance

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-22696

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 26.92%

7 Day CHG~0.00%

Published-10 May, 2023 | 08:10

Updated-09 Jan, 2025 | 15:20

WordPress Affiliate Links Lite Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Custom4Web Affiliate Links Lite plugin <= 2.5 versions.

Vendor-custom4web Custom4Web

Product-affiliate_links_lite Affiliate Links Lite

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-44143

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.15% / 35.76%

7 Day CHG~0.00%

Published-30 Nov, 2023 | 15:55

Updated-02 Aug, 2024 | 19:59

WordPress Bamboo Columns Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bamboo Mcr Bamboo Columns allows Stored XSS.This issue affects Bamboo Columns: from n/a through 1.6.1.

Vendor-bamboo_mcr Bamboo Mcr

Product-bamboo_columns Bamboo Columns

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-22721

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.18% / 39.70%

7 Day CHG~0.00%

Published-23 Jan, 2023 | 17:50

Updated-07 Nov, 2023 | 04:07

WordPress Oi Yandex.Maps for WordPress Plugin <= 3.2.7 is vulnerable to Cross Site Scripting (XSS)

Auth. Stored Cross-Site Scripting (XSS) in Oi Yandex.Maps for WordPress <= 3.2.7 versions.

Vendor-oi_yandex.maps_project Alexei Isaenko

Product-oi_yandex.maps Oi Yandex.Maps for WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-22698

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 27.11%

7 Day CHG~0.00%

Published-23 Apr, 2023 | 09:32

Updated-02 Aug, 2024 | 13:44

WordPress Theme Blvd Responsive Google Maps Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jason Bobich Theme Blvd Responsive Google Maps plugin <= 1.0.2 versions.

Vendor-theme_blvd_responsive_google_maps_project Jason Bobich

Product-theme_blvd_responsive_google_maps Theme Blvd Responsive Google Maps

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-45049

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.02%

7 Day CHG~0.00%

Published-18 Oct, 2023 | 07:59

Updated-12 Sep, 2024 | 19:40

WordPress YouTube Playlist Player Plugin <= 4.6.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ciprian Popescu YouTube Playlist Player plugin <= 4.6.7 versions.

Vendor-getbutterfly Ciprian Popescu

Product-youtube_playlist_player YouTube Playlist Player

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-22711

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 26.92%

7 Day CHG~0.00%

Published-10 May, 2023 | 07:47

Updated-09 Jan, 2025 | 15:20

WordPress IMPress Listings Plugin <= 2.6.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Agent Evolution IMPress Listings plugin <= 2.6.2 versions.

Vendor-Agent Evolution

Product-impress_listings IMPress Listings

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-22720

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 26.92%

7 Day CHG~0.00%

Published-11 May, 2023 | 14:31

Updated-19 Feb, 2025 | 21:30

WordPress WP Links Page Plugin <= 4.9.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Robert Macchi WP Links Page plugin <= 4.9.3 versions.

Vendor-wp_links_page_project Robert Macchi

Product-wp_links_page WP Links Page

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-22713

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.13% / 32.46%

7 Day CHG~0.00%

Published-03 May, 2023 | 11:14

Updated-19 Feb, 2025 | 21:32

WordPress Gutenberg Blocks by WordPress Download Manager Plugin <= 2.1.8 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress Download Manager Gutenberg Blocks by WordPress Download Manager plugin <= 2.1.8 versions.

Vendor-WordPress Download Manager Pro

Product-gutenberg_blocks_for_wordpress_download_manager Gutenberg Blocks by WordPress Download Manager

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-22717

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 26.92%

7 Day CHG~0.00%

Published-15 May, 2023 | 11:09

Updated-09 Jan, 2025 | 15:16

WordPress FormCraft Plugin <= 1.2.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in nCrafts FormCraft plugin <= 1.2.6 versions.

Vendor-ncrafts nCrafts

Product-formcraft FormCraft

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-44985

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.15% / 36.37%

7 Day CHG~0.00%

Published-16 Oct, 2023 | 10:46

Updated-16 Sep, 2024 | 14:37

WordPress BuddyMeet Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributo+) Stored Cross-Site Scripting (XSS) vulnerability in Cytech BuddyMeet plugin <= 2.2.0 versions.

Vendor-cytechmobile Cytech

Product-buddymeet BuddyMeet

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-26895

Credits

WordPress m1.DownloadList plugin <= 0.19 - Cross Site Scripting (XSS) vulnerability

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs