ByteOS Network

Vulnerability Details :

CVE-2025-27303

Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3

Published At-24 Feb, 2025 | 14:48

Updated At-24 Feb, 2025 | 16:58

WordPress Contact Form 7 Star Rating plugin <= 1.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themelogger Contact Form 7 Star Rating allows Stored XSS. This issue affects Contact Form 7 Star Rating: from n/a through 1.10.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Patchstack

Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3

Published At:24 Feb, 2025 | 14:48

Updated At:24 Feb, 2025 | 16:58

▼CVE Numbering Authority (CNA)

WordPress Contact Form 7 Star Rating plugin <= 1.10 - Cross Site Scripting (XSS) vulnerability

Affected Products

Vendor

themelogger

Product

Contact Form 7 Star Rating

Collection URL

https://wordpress.org/plugins

Package Name

contact-form-7-star-rating

Default Status

unaffected

Versions

Affected

From n/a through 1.10 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-79	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Type: CWE

CWE ID: CWE-79

Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Metrics

Version	Base score	Base severity	Vector
3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Impacts

CAPEC ID	Description
CAPEC-592	CAPEC-592 Stored XSS

CAPEC ID: CAPEC-592

Description: CAPEC-592 Stored XSS

Credits

finder

Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)

References

Hyperlink	Resource
https://patchstack.com/database/wordpress/plugin/contact-form-7-star-rating/vulnerability/wordpress-contact-form-7-star-rating-plugin-1-10-cross-site-scripting-xss-vulnerability?_s_id=cve	vdb-entry

Hyperlink: https://patchstack.com/database/wordpress/plugin/contact-form-7-star-rating/vulnerability/wordpress-contact-form-7-star-rating-plugin-1-10-cross-site-scripting-xss-vulnerability?_s_id=cve

Resource:

vdb-entry

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:audit@patchstack.com

Published At:24 Feb, 2025 | 15:15

Updated At:24 Feb, 2025 | 15:15

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	audit@patchstack.com

CWE ID: CWE-79

Type: Primary

Source: audit@patchstack.com

References

Hyperlink	Source	Resource
https://patchstack.com/database/wordpress/plugin/contact-form-7-star-rating/vulnerability/wordpress-contact-form-7-star-rating-plugin-1-10-cross-site-scripting-xss-vulnerability?_s_id=cve	audit@patchstack.com	N/A

Source: audit@patchstack.com

Resource: N/A

Similar CVEs

1204Records found

CVE-2023-27621

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 17.96%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 15:58

Updated-24 Sep, 2024 | 19:08

WordPress Livestream Notice Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MrDemonWolf Livestream Notice plugin <= 1.2.0 versions.

Vendor-mrdemonwolf MrDemonWolf

Product-livestream_notice Livestream Notice

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28533

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.13%

7 Day CHG+0.01%

Published-17 Aug, 2023 | 08:04

Updated-25 Sep, 2024 | 16:43

WordPress Cab Grid Plugin <= 1.5.15 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in M Williams Cab Grid plugin <= 1.5.15 versions.

Vendor-nimbus M Williams

Product-cab_grid Cab Grid

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27622

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.12% / 30.49%

7 Day CHG~0.00%

Published-27 Sep, 2023 | 07:53

Updated-23 Sep, 2024 | 12:51

WordPress GuruWalk Affiliates Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abel Ruiz GuruWalk Affiliates plugin <= 1.0.0 versions.

Vendor-guruwalk Abel Ruiz

Product-guruwalk_affiliates GuruWalk Affiliates

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28620

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.65%

7 Day CHG~0.00%

Published-13 Jun, 2023 | 14:28

Updated-10 Oct, 2024 | 18:56

WordPress Cyberus Key Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cyberus Labs Cyberus Key plugin <= 1.0 versions.

Vendor-cyberuslabs Cyberus Labs

Product-cyberus_key Cyberus Key

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28414

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.44%

7 Day CHG~0.00%

Published-12 May, 2023 | 15:10

Updated-09 Jan, 2025 | 15:17

WordPress ApexChat Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ApexChat plugin <= 1.3.1 versions.

Vendor-apexchat ApexChat

Product-apexchat ApexChat

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27618

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.65%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 08:33

Updated-02 Aug, 2024 | 12:16

WordPress Store Locator WordPress Plugin <= 1.4.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in AGILELOGIX Store Locator WordPress plugin <= 1.4.9 versions.

Vendor-Agile Logix

Product-store_locator Store Locator WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27614

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-23 Apr, 2023 | 10:54

Updated-09 Jan, 2025 | 15:37

WordPress Motor Racing League Plugin <= 1.9.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Ian Haycox Motor Racing League plugin <= 1.9.9 versions.

Vendor-motor_racing_league_project Ian Haycox

Product-motor_racing_league Motor Racing League

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26537

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.65%

7 Day CHG~0.00%

Published-16 Jun, 2023 | 11:13

Updated-19 Feb, 2025 | 21:29

WordPress WP No External Links Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nicolly WP No External Links plugin <= 1.0.2 versions.

Vendor-wp_no_external_links_project nicolly

Product-wp_no_external_links WP No External Links

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27427

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.65%

7 Day CHG~0.00%

Published-23 Jun, 2023 | 12:21

Updated-10 Oct, 2024 | 17:12

WordPress CRM Memberships Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NTZApps CRM Memberships plugin <= 1.6 versions.

Vendor-ntzapps NTZApps

Product-crm_memberships CRM Memberships

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26534

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.65%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 11:51

Updated-19 Feb, 2025 | 21:28

WordPress WP Repost Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in OneWebsite WP Repost plugin <= 0.1 versions.

Vendor-onewebsite OneWebsite

Product-wp_repost WP Repost

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27425

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-23 Apr, 2023 | 10:47

Updated-02 Aug, 2024 | 13:44

WordPress Electric Studio Client Login Plugin <= 0.8.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in James Irving-Swift Electric Studio Client Login plugin <= 0.8.1 versions.

Vendor-electric_studio_client_login_project James Irving-Swift

Product-electric_studio_client_login Electric Studio Client Login

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26529

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-03 Apr, 2023 | 12:30

Updated-10 Jan, 2025 | 19:12

WordPress DupeOff Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DupeOff.Com DupeOff plugin <= 1.6 versions.

Vendor-dupeoff_project DupeOff.com

Product-dupeoff DupeOff

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26539

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 20.56%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 11:50

Updated-10 Oct, 2024 | 17:22

WordPress Advanced Text Widget Plugin <= 2.1.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Chirkov Advanced Text Widget plugin <= 2.1.2 versions.

Vendor-advanced_text_widget_project Max Chirkov

Product-advanced_text_widget Advanced Text Widget

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-50896

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.12% / 31.43%

7 Day CHG~0.00%

Published-29 Dec, 2023 | 11:09

Updated-02 Aug, 2024 | 22:23

WordPress weForms Plugin <= 1.6.17 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weForms weForms – Easy Drag & Drop Contact Form Builder For WordPress allows Stored XSS.This issue affects weForms – Easy Drag & Drop Contact Form Builder For WordPress: from n/a through 1.6.17.

Vendor-weForms (InMotion Hosting, Inc.)

Product-weforms weForms – Easy Drag & Drop Contact Form Builder For WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25461

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 19:13

Updated-09 Jan, 2025 | 15:33

WordPress Wp-Insert Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in namithjawahar Wp-Insert plugin <= 2.5.0 versions.

Vendor-smartlogix namithjawahar

Product-wp-insert Wp-Insert

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25442

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 13:45

Updated-02 Aug, 2024 | 13:44

WordPress Zeno Font Resizer Plugin <= 1.7.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Marcel Pol Zeno Font Resizer plugin <= 1.7.9 versions.

Vendor-zeno_font_resizer_project Marcel Pol

Product-zeno_font_resizer Zeno Font Resizer

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25781

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.44%

7 Day CHG~0.00%

Published-26 May, 2023 | 11:19

Updated-10 Oct, 2024 | 17:31

WordPress Upload File Type Settings Plugin Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sebastian Krysmanski Upload File Type Settings plugin <= 1.1 versions.

Vendor-upload_file_type_settings_plugin_project Sebastian Krysmanski

Product-upload_file_type_settings_plugin Upload File Type Settings Plugin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26008

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-23 Mar, 2023 | 16:48

Updated-19 Feb, 2025 | 21:37

WordPress Top 10 Plugin <= 3.2.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay D'Souza Top 10 – Popular posts plugin for WordPress plugin <= 3.2.4 versions.

Vendor-Ajay D'Souza

Product-top_10_-_popular_posts Top 10 – Popular posts plugin for WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26000

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.04% / 11.50%

7 Day CHG~0.00%

Published-06 Jun, 2025 | 12:54

Updated-06 Jun, 2025 | 14:51

WordPress Bang tinh vay <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hanhdo205 Bang tinh vay allows Stored XSS. This issue affects Bang tinh vay: from n/a through 1.0.1.

Vendor-hanhdo205

Product-Bang tinh vay

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25702

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 12:39

Updated-10 Jan, 2025 | 18:57

WordPress Quick Paypal Payments Plugin <= 5.7.25 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.

Vendor-fullworksplugins Fullworks

Product-quick_paypal_payments Quick Paypal Payments

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25958

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.44%

7 Day CHG~0.00%

Published-12 May, 2023 | 15:15

Updated-09 Jan, 2025 | 15:16

WordPress Simple Tooltips Plugin <= 2.1.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Justin Saad Simple Tooltips plugin <= 2.1.4 versions.

Vendor-simple_tooltips_project Justin Saad

Product-simple_tooltips Simple Tooltips

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26012

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-04 May, 2023 | 13:14

Updated-09 Jan, 2025 | 15:28

WordPress Custom Login Page Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Denzel Chia | Phire Design Custom Login Page plugin <= 2.0 versions.

Vendor-custom_login_page_project Denzel Chia | Phire Design

Product-custom_login_page Custom Login Page

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25488

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 17.96%

7 Day CHG~0.00%

Published-01 Sep, 2023 | 10:54

Updated-19 Feb, 2025 | 21:25

WordPress WP Default Feature Image Plugin <= 1.0.1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Duc Bui Quang WP Default Feature Image plugin <= 1.0.1.1 versions.

Vendor-ducbuiquang Duc Bui Quang

Product-wp_default_feature_image WP Default Feature Image

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25491

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.44%

7 Day CHG~0.00%

Published-06 May, 2023 | 22:55

Updated-02 Aug, 2024 | 13:44

WordPress JCH Optimize Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Samuel Marshall JCH Optimize plugin <= 3.2.2 versions.

Vendor-jch_optimize_project Samuel Marshall

Product-jch_optimize JCH Optimize

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25710

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 11:34

Updated-09 Jan, 2025 | 15:35

WordPress Click to Call or Chat Buttons Plugin <= 1.4.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DIGITALBLUE Click to Call or Chat Buttons plugin <= 1.4.0 versions.

Vendor-digitalblue DIGITALBLUE

Product-click_to_call_or_chat_buttons Click to Call or Chat Buttons

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25782

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-20 Mar, 2023 | 09:49

Updated-02 Aug, 2024 | 11:32

WordPress Service Area Postcode Checker Plugin <= 2.0.8 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) vulnerability in Second2none Service Area Postcode Checker plugin <= 2.0.8 versions.

Vendor-plustime Second2none

Product-service_area_postcode_checker Service Area Postcode Checker

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25984

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 21.13%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 12:07

Updated-25 Sep, 2024 | 16:50

WordPress Dovetail Plugin <= 1.2.13 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rigorous & Factory Pattern Dovetail plugin <= 1.2.13 versions.

Vendor-rigorous-digital Rigorous & Factory Pattern

Product-dovetail Dovetail

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26017

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-03 May, 2023 | 15:24

Updated-19 Feb, 2025 | 21:31

WordPress Jobs for WordPress Plugin <= 2.5.10.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BlueGlass Jobs for WordPress plugin <= 2.5.10.2 versions.

Vendor-blueglass BlueGlass

Product-jobs_for_wordpress Jobs for WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25456

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-23 Mar, 2023 | 16:56

Updated-02 Aug, 2024 | 13:45

WordPress Klaviyo Plugin <= 3.0.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Klaviyo, Inc. Klaviyo plugin <= 3.0.7 versions.

Vendor-klaviyo Klaviyo, Inc.

Product-klaviyo Klaviyo

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25792

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-03 May, 2023 | 10:15

Updated-19 Feb, 2025 | 21:32

WordPress WP Open Social Plugin <= 5.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XiaoMac WP Open Social plugin <= 5.0 versions.

Vendor-wp_open_social_project XiaoMac

Product-wp_open_social WP Open Social

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25705

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 12:33

Updated-19 Feb, 2025 | 21:34

WordPress WP Prayer Plugin <= 1.9.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Go Prayer WP Prayer plugin <= 1.9.6 versions.

Vendor-goprayer Go Prayer

Product-wp_prayer WP Prayer

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25978

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.65%

7 Day CHG~0.00%

Published-13 Jun, 2023 | 15:09

Updated-02 Aug, 2024 | 13:40

WordPress Protected Posts Logout Button Plugin <= 1.4.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nate Reist Protected Posts Logout Button plugin <= 1.4.5 versions.

Vendor-mindutopia Nate Reist

Product-protected_posts_logout_button Protected Posts Logout Button

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26016

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-04 May, 2023 | 12:59

Updated-09 Jan, 2025 | 15:28

WordPress Simple Portfolio Gallery Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tauhidul Alam Simple Portfolio Gallery plugin <= 0.1 versions.

Vendor-simple_portfolio_gallery_project Tauhidul Alam

Product-simple_portfolio_gallery Simple Portfolio Gallery

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25704

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-28 Mar, 2023 | 08:19

Updated-10 Jan, 2025 | 19:15

WordPress Interactive SVG Image Map Builder Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mehjabin Orthi Interactive SVG Image Map Builder plugin <= 1.0 versions.

Vendor-wpmart Mehjabin Orthi

Product-interactive_svg_image_map_builder Interactive SVG Image Map Builder

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25465

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 17.96%

7 Day CHG~0.00%

Published-04 Sep, 2023 | 09:52

Updated-19 Feb, 2025 | 21:24

WordPress wp tell a friend popup form Plugin <= 7.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy wp tell a friend popup form plugin <= 7.1 versions.

Vendor-gopiplus Gopi Ramasamy

Product-wp-tell-a-friend-popup-form wp tell a friend popup form

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25462

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 17.96%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 12:18

Updated-19 Feb, 2025 | 21:25

WordPress WP htaccess Control Plugin <= 3.5.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP htaccess Control plugin <= 3.5.1 versions.

Vendor-antonioandrade

Product-wp_htaccess_control WP htaccess Control

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25712

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 12:29

Updated-19 Feb, 2025 | 21:34

WordPress Opt-Out for Google Analytics Plugin <= 2.3.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-Buddy Google Analytics Opt-Out plugin <= 2.3.4 versions.

Vendor-wp-buddy WP-Buddy

Product-google_analytics_opt-out Google Analytics Opt-Out

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25795

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-20 Mar, 2023 | 10:28

Updated-13 Jan, 2025 | 15:50

WordPress Feed Changer Plugin <= 0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in WP-master.Ir Feed Changer & Remover plugin <= 0.2 versions.

Vendor-wp-master WP-master.ir

Product-feed_changer_\&_remover Feed Changer & Remover

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25485

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 18:33

Updated-09 Jan, 2025 | 15:34

WordPress JSON Content Importer Plugin <= 1.3.15 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bernhard Kux JSON Content Importer plugin <= 1.3.15 versions.

Vendor-json-content-importer Bernhard Kux

Product-json_content_importer JSON Content Importer

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25964

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.65%

7 Day CHG~0.00%

Published-13 Jun, 2023 | 14:07

Updated-01 Nov, 2024 | 14:02

WordPress We’re Open! Plugin <= 1.46 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Noah Hearle, Design Extreme We’re Open! plugin <= 1.46 versions.

Vendor-designextreme Noah Hearle, Design Extreme

Product-we\'re_open\!We’re Open!

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25972

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.65%

7 Day CHG~0.00%

Published-15 Jun, 2023 | 12:28

Updated-02 Aug, 2024 | 11:39

WordPress Старт Plugin <= 3.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in IKSWEB WordPress Старт plugin <= 3.7 versions.

Vendor-iksweb IKSWEB

Product-wordpress_ctapt WordPress Старт

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26001

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.04% / 11.50%

7 Day CHG~0.00%

Published-06 Jun, 2025 | 12:54

Updated-06 Jun, 2025 | 14:27

WordPress Next Event Calendar <= 1.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marchetti Design Next Event Calendar allows Stored XSS. This issue affects Next Event Calendar: from n/a through 1.2.

Vendor-Marchetti Design

Product-Next Event Calendar

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25962

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-04 May, 2023 | 12:47

Updated-09 Jan, 2025 | 15:28

WordPress Accordions Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari Accordion – Multiple Accordion or FAQs Builder plugin <= 2.3.0 versions.

Vendor-Biplob Adhikari (Oxilab Development)

Product-accordions Accordion – Multiple Accordion or FAQs Builder

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25789

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-03 May, 2023 | 10:43

Updated-02 Aug, 2024 | 13:44

WordPress Tapfiliate Plugin <= 3.0.12 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tapfiliate plugin <= 3.0.12 versions.

Vendor-tapfiliate Tapfiliate

Product-tapfiliate Tapfiliate

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25484

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 16:50

Updated-09 Jan, 2025 | 15:34

WordPress Simple Yearly Archive Plugin <= 2.1.8 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliver Schlöbe Simple Yearly Archive plugin <= 2.1.8 versions.

Vendor-simple_yearly_archive_project Oliver Schlöbe

Product-simple_yearly_archive Simple Yearly Archive

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25483

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.12% / 30.49%

7 Day CHG~0.00%

Published-27 Sep, 2023 | 07:42

Updated-23 Sep, 2024 | 12:52

WordPress Easy Coming Soon Plugin <= 2.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ankit Agarwal, Priyanshu Mittal Easy Coming Soon plugin <= 2.3 versions.

Vendor-easycomingsoon Ankit Agarwal, Priyanshu Mittal

Product-easy_coming_soon Easy Coming Soon

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24390

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.10% / 27.69%

7 Day CHG~0.00%

Published-18 Jul, 2023 | 14:07

Updated-25 Sep, 2024 | 17:01

WordPress WeSecur Security Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WeSecur Security plugin <= 1.2.1 versions.

Vendor-wesecur WeSecur

Product-wesecur WeSecur Security

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23972

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 05:50

Updated-10 Jan, 2025 | 19:10

WordPress Social Like Box and Page by WpDevArt Plugin <= 0.8.39 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smplug-in Social Like Box and Page by WpDevArt plugin <= 0.8.39 versions.

Vendor-Smplug-in WpDevArt

Product-social_like_box_and_page Social Like Box and Page by WpDevArt

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25022

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 10:40

Updated-10 Jan, 2025 | 19:00

WordPress Watu Quiz Plugin <= 3.3.8 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Watu Quiz plugin <= 3.3.8 versions.

Vendor-kibokolabs Kiboko Labs

Product-watu_quiz Watu Quiz

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23870

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-04 Apr, 2023 | 12:44

Updated-10 Jan, 2025 | 19:11

WordPress Responsive Vertical Icon Menu Plugin <= 1.5.8 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 versions.

Vendor-WpDevArt

Product-responsive_vertical_icon_menu Responsive Vertical Icon Menu

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-27303

Credits

WordPress Contact Form 7 Star Rating plugin <= 1.10 - Cross Site Scripting (XSS) vulnerability

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs