Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-28855

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-26 Mar, 2025 | 14:24
Updated At-28 Apr, 2026 | 16:11
Rejected At-
Credits

WordPress Teleport plugin <= 1.2.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in srcoley Teleport teleport allows Reflected XSS.This issue affects Teleport: from n/a through <= 1.2.4.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:26 Mar, 2025 | 14:24
Updated At:28 Apr, 2026 | 16:11
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Teleport plugin <= 1.2.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in srcoley Teleport teleport allows Reflected XSS.This issue affects Teleport: from n/a through <= 1.2.4.

Affected Products
Vendor
srcoley
Product
Teleport
Collection URL
https://wordpress.org/plugins
Package Name
teleport
Default Status
unaffected
Versions
Affected
  • From 0 through 1.2.4 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-591Reflected XSS
CAPEC ID: CAPEC-591
Description: Reflected XSS
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Abdi Pranata | Patchstack Bug Bounty Program
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/Wordpress/Plugin/teleport/vulnerability/wordpress-teleport-plugin-1-2-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/teleport/vulnerability/wordpress-teleport-plugin-1-2-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:26 Mar, 2025 | 15:16
Updated At:23 Apr, 2026 | 15:26

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in srcoley Teleport teleport allows Reflected XSS.This issue affects Teleport: from n/a through <= 1.2.4.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-79Secondaryaudit@patchstack.com
CWE ID: CWE-79
Type: Secondary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/Wordpress/Plugin/teleport/vulnerability/wordpress-teleport-plugin-1-2-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/teleport/vulnerability/wordpress-teleport-plugin-1-2-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2438Records found
CVE-2025-27267
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 40.43%
||
7 Day CHG~0.00%
Published-26 Mar, 2025 | 14:24
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Random Quotes Plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in srcoley Random Quotes random-quotes allows Reflected XSS.This issue affects Random Quotes: from n/a through <= 1.3.

Action-Not Available
Vendor-srcoley
Product-Random Quotes
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-30781
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.06%
||
7 Day CHG~0.00%
Published-18 Oct, 2023 | 13:38
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tweeple Plugin <= 0.9.5 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Theme Blvd Tweeple plugin <= 0.9.5 versions.

Action-Not Available
Vendor-themeblvdTheme Blvd
Product-tweepleTweeple
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-41751
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.14%
||
7 Day CHG+0.02%
Published-09 Dec, 2025 | 08:07
Updated-19 Dec, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected XSS vulnerability in pxc_portCntr.php

An XSS vulnerability in pxc_portCntr.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-fl_switch_2206c-2fxfl_switch_2206-2fx_stfl_switch_2206-2fx_smfl_switch_2406-2sfxfl_switch_2512-2gc-2sfp_firmwarefl_switch_2214-2fx_smfl_switch_2608_pnfl_switch_2105_firmwarefl_switch_2306-2sfp_pn_firmwarefl_nat_2208_firmwarefl_switch_2316\/k1fl_switch_2412-2tc-2sfx_firmwarefl_switch_2414-2sfxfl_switch_2506-2sfp_firmwarefl_switch_2206-2fxfl_switch_2708fl_switch_2304-2gc-2sfp_firmwarefl_switch_2508_firmwarefl_switch_2506-2sfp\/k1_firmwarefl_switch_2005fl_switch_2512-2gc-2sfpfl_nat_2008fl_switch_2516_pn_firmwarefl_switch_2312-2gc-2sfp_firmwarefl_nat_2304-2gc-2sfpfl_switch_2108_firmwarefl_switch_2608_firmwarefl_switch_2316_pnfl_switch_2008_firmwarefl_switch_2708_pn_firmwarefl_switch_2304-2gc-2sfpfl_switch_2516fl_switch_2207-fx_firmwarefl_switch_2214-2sfxfl_switch_2514-2sfp_firmwarefl_switch_2416_pn_firmwarefl_switch_2216_firmwarefl_switch_2408_pnfl_switch_2506-2sfp_pnfl_switch_2214-2sfx_pn_firmwarefl_switch_2206-2sfx_firmwarefl_switch_2206-2fx_sm_st_firmwarefl_switch_2204-2tc-2sfxfl_switch_2108fl_switch_2116_firmwarefl_switch_2212-2tc-2sfx_firmwarefl_switch_2208fl_nat_2208fl_switch_2205_firmwarefl_switch_2708_firmwarefl_switch_2504-2gc-2sfp_firmwarefl_switch_2406-2sfx_pn_firmwarefl_switch_2214-2fxfl_switch_2208_pn_firmwarefl_switch_2016fl_switch_2206-2sfx_pn_firmwarefl_switch_2206-2fx_st_firmwarefl_switch_2414-2sfx_pnfl_switch_2214-2sfx_pnfl_switch_2008f_firmwarefl_switch_2316_pn_firmwarefl_switch_2508\/k1fl_switch_2008fl_switch_2205fl_switch_2306-2sfpfl_switch_2416fl_switch_2314-2sfp_pnfl_switch_2316fl_switch_2308_firmwarefl_switch_2504-2gc-2sfpfl_switch_2105fl_switch_2206-2sfx_pnfl_switch_2214-2fx_firmwarefl_switch_2207-fx_sm_firmwarefl_switch_2408fl_switch_2206-2fx_sm_firmwarefl_switch_2306-2sfp_pnfl_switch_2506-2sfpfl_switch_2216fl_switch_2206-2sfxfl_switch_2406-2sfx_pnfl_switch_2408_pn_firmwarefl_switch_2308fl_nat_2008_firmwarefl_switch_2506-2sfp\/k1fl_switch_2212-2tc-2sfxfl_switch_2214-2sfx_firmwarefl_switch_2216_pnfl_switch_2016_firmwarefl_switch_2008ffl_switch_2416_firmwarefl_switch_2514-2sfpfl_switch_2608fl_switch_2312-2gc-2sfpfl_switch_2206-2fx_sm_stfl_switch_2514-2sfp_pn_firmwarefl_switch_2207-fxfl_nat_2304-2gc-2sfp_firmwarefl_switch_2208_pnfl_switch_2514-2sfp_pnfl_switch_2416_pnfl_switch_2508_pnfl_switch_2314-2sfp_pn_firmwarefl_switch_2206c-2fx_firmwarefl_switch_2206-2fx_firmwarefl_switch_2404-2tc-2sfxfl_switch_2608_pn_firmwarefl_switch_2005_firmwarefl_switch_2314-2sfp_firmwarefl_switch_2406-2sfx_firmwarefl_switch_2508fl_switch_2314-2sfpfl_switch_2116fl_switch_2216_pn_firmwarefl_switch_2204-2tc-2sfx_firmwarefl_switch_2308_pnfl_switch_2508\/k1_firmwarefl_switch_2316\/k1_firmwarefl_switch_2404-2tc-2sfx_firmwarefl_switch_2412-2tc-2sfxfl_switch_2306-2sfp_firmwarefl_switch_2208_firmwarefl_switch_2208c_firmwarefl_switch_2414-2sfx_pn_firmwarefl_switch_2214-2fx_sm_firmwarefl_switch_2508_pn_firmwarefl_switch_2516_pnfl_switch_2516_firmwarefl_switch_2308_pn_firmwarefl_switch_2208cfl_switch_2316_firmwarefl_switch_2303-8sp1fl_switch_2708_pnfl_switch_2207-fx_smfl_switch_2408_firmwarefl_switch_2414-2sfx_firmwarefl_switch_2506-2sfp_pn_firmwareFL SWITCH 2212-2TC-2SFXFL SWITCH 2205FL SWITCH 2304-2GC-2SFPFL SWITCH 2008FFL SWITCH 2516FL SWITCH 2214-2SFX PNFL SWITCH 2214-2SFXFL SWITCH 2306-2SFPFL SWITCH 2506-2SFPFL SWITCH 2312-2GC-2SFPFL SWITCH 2316/K1FL SWITCH 2206-2SFXFL SWITCH 2206-2FX SM STFL SWITCH 2416 PNFL SWITCH 2506-2SFP/K1FL SWITCH 2206-2FXFL SWITCH 2414-2SFX PNFL SWITCH 2416FL SWITCH 2206C-2FXFL SWITCH 2512-2GC-2SFPFL SWITCH 2208 PNFL SWITCH 2316FL SWITCH 2208CFL SWITCH 2414-2SFXFL SWITCH 2216 PNFL SWITCH 2506-2SFP PNFL SWITCH 2216FL SWITCH 2308 PNFL SWITCH 2005FL SWITCH 2316 PNFL SWITCH 2208FL SWITCH 2308FL SWITCH 2608FL SWITCH 2508/K1FL SWITCH 2206-2FX STFL SWITCH 2206-2FX SMFL SWITCH 2508FL NAT 2008FL SWITCH 2314-2SFPFL SWITCH 2408 PNFL SWITCH 2408FL SWITCH 2406-2SFX PNFL SWITCH 2516 PNFL SWITCH 2108FL SWITCH 2508 PNFL SWITCH 2504-2GC-2SFPFL SWITCH 2214-2FXFL SWITCH 2406-2SFXFL SWITCH 2008FL SWITCH 2116FL SWITCH 2207-FX SMFL SWITCH 2016FL SWITCH 2207-FXFL SWITCH 2514-2SFP PNFL SWITCH 2514-2SFPFL SWITCH 2206-2SFX PNFL SWITCH 2404-2TC-2SFXFL SWITCH 2708 PNFL SWITCH 2412-2TC-2SFXFL SWITCH 2306-2SFP PNFL SWITCH 2708FL NAT 2208FL SWITCH 2105FL SWITCH 2303-8SP1FL SWITCH 2314-2SFP PNFL SWITCH 2214-2FX SMFL NAT 2304-2GC-2SFPFL SWITCH 2608 PNFL SWITCH 2204-2TC-2SFX
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-30877
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.79%
||
7 Day CHG~0.00%
Published-17 Aug, 2023 | 08:30
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress XML for Google Merchant Center Plugin <= 3.0.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maxim Glazunov XML for Google Merchant Center plugin <= 3.0.1 versions.

Action-Not Available
Vendor-icopydocMaxim Glazunov
Product-xml_for_google_merchant_centerXML for Google Merchant Center
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-41752
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.14%
||
7 Day CHG+0.02%
Published-09 Dec, 2025 | 08:07
Updated-19 Dec, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected XSS vulnerability in pxc_portSfp.php

An XSS vulnerability in pxc_portSfp.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-fl_switch_2206c-2fxfl_switch_2206-2fx_stfl_switch_2206-2fx_smfl_switch_2406-2sfxfl_switch_2512-2gc-2sfp_firmwarefl_switch_2214-2fx_smfl_switch_2608_pnfl_switch_2105_firmwarefl_switch_2306-2sfp_pn_firmwarefl_nat_2208_firmwarefl_switch_2316\/k1fl_switch_2412-2tc-2sfx_firmwarefl_switch_2414-2sfxfl_switch_2506-2sfp_firmwarefl_switch_2206-2fxfl_switch_2708fl_switch_2304-2gc-2sfp_firmwarefl_switch_2508_firmwarefl_switch_2506-2sfp\/k1_firmwarefl_switch_2005fl_switch_2512-2gc-2sfpfl_nat_2008fl_switch_2516_pn_firmwarefl_switch_2312-2gc-2sfp_firmwarefl_nat_2304-2gc-2sfpfl_switch_2108_firmwarefl_switch_2608_firmwarefl_switch_2316_pnfl_switch_2008_firmwarefl_switch_2708_pn_firmwarefl_switch_2304-2gc-2sfpfl_switch_2516fl_switch_2207-fx_firmwarefl_switch_2214-2sfxfl_switch_2514-2sfp_firmwarefl_switch_2416_pn_firmwarefl_switch_2216_firmwarefl_switch_2408_pnfl_switch_2506-2sfp_pnfl_switch_2214-2sfx_pn_firmwarefl_switch_2206-2sfx_firmwarefl_switch_2206-2fx_sm_st_firmwarefl_switch_2204-2tc-2sfxfl_switch_2108fl_switch_2116_firmwarefl_switch_2212-2tc-2sfx_firmwarefl_switch_2208fl_nat_2208fl_switch_2205_firmwarefl_switch_2708_firmwarefl_switch_2504-2gc-2sfp_firmwarefl_switch_2406-2sfx_pn_firmwarefl_switch_2214-2fxfl_switch_2208_pn_firmwarefl_switch_2016fl_switch_2206-2sfx_pn_firmwarefl_switch_2206-2fx_st_firmwarefl_switch_2414-2sfx_pnfl_switch_2214-2sfx_pnfl_switch_2008f_firmwarefl_switch_2316_pn_firmwarefl_switch_2508\/k1fl_switch_2008fl_switch_2205fl_switch_2306-2sfpfl_switch_2416fl_switch_2314-2sfp_pnfl_switch_2316fl_switch_2308_firmwarefl_switch_2504-2gc-2sfpfl_switch_2105fl_switch_2206-2sfx_pnfl_switch_2214-2fx_firmwarefl_switch_2207-fx_sm_firmwarefl_switch_2408fl_switch_2206-2fx_sm_firmwarefl_switch_2306-2sfp_pnfl_switch_2506-2sfpfl_switch_2216fl_switch_2206-2sfxfl_switch_2406-2sfx_pnfl_switch_2408_pn_firmwarefl_switch_2308fl_nat_2008_firmwarefl_switch_2506-2sfp\/k1fl_switch_2212-2tc-2sfxfl_switch_2214-2sfx_firmwarefl_switch_2216_pnfl_switch_2016_firmwarefl_switch_2008ffl_switch_2416_firmwarefl_switch_2514-2sfpfl_switch_2608fl_switch_2312-2gc-2sfpfl_switch_2206-2fx_sm_stfl_switch_2514-2sfp_pn_firmwarefl_switch_2207-fxfl_nat_2304-2gc-2sfp_firmwarefl_switch_2208_pnfl_switch_2514-2sfp_pnfl_switch_2416_pnfl_switch_2508_pnfl_switch_2314-2sfp_pn_firmwarefl_switch_2206c-2fx_firmwarefl_switch_2206-2fx_firmwarefl_switch_2404-2tc-2sfxfl_switch_2608_pn_firmwarefl_switch_2005_firmwarefl_switch_2314-2sfp_firmwarefl_switch_2406-2sfx_firmwarefl_switch_2508fl_switch_2314-2sfpfl_switch_2116fl_switch_2216_pn_firmwarefl_switch_2204-2tc-2sfx_firmwarefl_switch_2308_pnfl_switch_2508\/k1_firmwarefl_switch_2316\/k1_firmwarefl_switch_2404-2tc-2sfx_firmwarefl_switch_2412-2tc-2sfxfl_switch_2306-2sfp_firmwarefl_switch_2208_firmwarefl_switch_2208c_firmwarefl_switch_2414-2sfx_pn_firmwarefl_switch_2214-2fx_sm_firmwarefl_switch_2508_pn_firmwarefl_switch_2516_pnfl_switch_2516_firmwarefl_switch_2308_pn_firmwarefl_switch_2208cfl_switch_2316_firmwarefl_switch_2303-8sp1fl_switch_2708_pnfl_switch_2207-fx_smfl_switch_2408_firmwarefl_switch_2414-2sfx_firmwarefl_switch_2506-2sfp_pn_firmwareFL SWITCH 2212-2TC-2SFXFL SWITCH 2205FL SWITCH 2304-2GC-2SFPFL SWITCH 2008FFL SWITCH 2516FL SWITCH 2214-2SFX PNFL SWITCH 2214-2SFXFL SWITCH 2306-2SFPFL SWITCH 2506-2SFPFL SWITCH 2312-2GC-2SFPFL SWITCH 2316/K1FL SWITCH 2206-2SFXFL SWITCH 2206-2FX SM STFL SWITCH 2416 PNFL SWITCH 2506-2SFP/K1FL SWITCH 2206-2FXFL SWITCH 2414-2SFX PNFL SWITCH 2416FL SWITCH 2206C-2FXFL SWITCH 2512-2GC-2SFPFL SWITCH 2208 PNFL SWITCH 2316FL SWITCH 2208CFL SWITCH 2414-2SFXFL SWITCH 2216 PNFL SWITCH 2506-2SFP PNFL SWITCH 2216FL SWITCH 2308 PNFL SWITCH 2005FL SWITCH 2316 PNFL SWITCH 2208FL SWITCH 2308FL SWITCH 2608FL SWITCH 2508/K1FL SWITCH 2206-2FX STFL SWITCH 2206-2FX SMFL SWITCH 2508FL NAT 2008FL SWITCH 2314-2SFPFL SWITCH 2408 PNFL SWITCH 2408FL SWITCH 2406-2SFX PNFL SWITCH 2516 PNFL SWITCH 2108FL SWITCH 2508 PNFL SWITCH 2504-2GC-2SFPFL SWITCH 2214-2FXFL SWITCH 2406-2SFXFL SWITCH 2008FL SWITCH 2116FL SWITCH 2207-FX SMFL SWITCH 2016FL SWITCH 2207-FXFL SWITCH 2514-2SFP PNFL SWITCH 2514-2SFPFL SWITCH 2206-2SFX PNFL SWITCH 2404-2TC-2SFXFL SWITCH 2708 PNFL SWITCH 2412-2TC-2SFXFL SWITCH 2306-2SFP PNFL SWITCH 2708FL NAT 2208FL SWITCH 2105FL SWITCH 2303-8SP1FL SWITCH 2314-2SFP PNFL SWITCH 2214-2FX SMFL NAT 2304-2GC-2SFPFL SWITCH 2608 PNFL SWITCH 2204-2TC-2SFX
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-30483
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.79%
||
7 Day CHG~0.00%
Published-14 Aug, 2023 | 13:42
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Watu Quiz Plugin <= 3.3.9.2 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Watu Quiz plugin <= 3.3.9.2 versions.

Action-Not Available
Vendor-kibokolabsKiboko Labs
Product-watu_quizWatu Quiz
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-31094
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.79%
||
7 Day CHG~0.00%
Published-18 Aug, 2023 | 12:50
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Stock Sync for WooCommerce Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce plugin <= 2.4.0 versions.

Action-Not Available
Vendor-wptrioLauri Karisola / WP Trio
Product-stock_sync_for_woocommerceStock Sync for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-30777
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-86.51% / 99.43%
||
7 Day CHG-0.81%
Published-10 May, 2023 | 05:50
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Custom Fields / Advanced Custom Fields PRO plugins <= 6.1.5 vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <= 6.1.5 versions.

Action-Not Available
Vendor-advancedcustomfieldsWP Engine
Product-advanced_custom_fieldsAdvanced Custom FieldsAdvanced Custom Fields Pro
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-30743
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-7.1||HIGH
EPSS-0.17% / 37.79%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 01:35
Updated-28 Jan, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Neutralization of Input in SAPUI5

Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user’s interaction with the application. Further, in the absence of URL validation by the application, the vulnerability could lead to the attacker reading or modifying user’s information through phishing attack.

Action-Not Available
Vendor-SAP SE
Product-sapui5SAPUI5
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-30782
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.11% / 28.69%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 09:43
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Church Admin Plugin <= 3.7.5 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.5 versions.

Action-Not Available
Vendor-churchadminpluginAndy Moyle
Product-church_adminChurch Admin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-30494
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.06%
||
7 Day CHG~0.00%
Published-04 Sep, 2023 | 10:28
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ImageRecycle pdf & image compression Plugin <= 3.1.10 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRecycle ImageRecycle pdf & image compression plugin <= 3.1.10 versions.

Action-Not Available
Vendor-imagerecycleImageRecycle
Product-imagerecycle_pdf_\&_image_compressionImageRecycle pdf & image compression
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51703
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.77%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 12:14
Updated-11 May, 2026 | 21:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP-Basics plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in laura20 WP-Basics wp-basics allows Reflected XSS.This issue affects WP-Basics: from n/a through <= 2.0.

Action-Not Available
Vendor-laura20
Product-WP-Basics
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-30489
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.53% / 67.60%
||
7 Day CHG~0.00%
Published-14 Aug, 2023 | 14:03
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Email Subscription Popup Plugin <= 1.2.16 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Email Subscription Popup plugin <= 1.2.16 versions.

Action-Not Available
Vendor-i13websolutionI Thirteen Web Solution
Product-email_subscription_popupEmail Subscription Popup
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-30747
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.79%
||
7 Day CHG~0.00%
Published-15 Aug, 2023 | 12:35
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Easy Duplicate Product Plugin <= 0.3.0.0 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGem WooCommerce Easy Duplicate Product plugin <= 0.3.0.0 versions.

Action-Not Available
Vendor-wpgemWPGem
Product-woocommerce_easy_duplicate_productWooCommerce Easy Duplicate Product
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-31072
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.79%
||
7 Day CHG~0.00%
Published-17 Aug, 2023 | 14:35
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Category Template Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Praveen Goswami Advanced Category Template plugin <= 0.1 versions.

Action-Not Available
Vendor-praveengoswamiPraveen Goswami
Product-advanced_category_templateAdvanced Category Template
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-30871
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.79%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 10:10
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Stock Exporter for WooCommerce Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PT Woo Plugins (by Webdados) Stock Exporter for WooCommerce plugin <= 1.1.0 versions.

Action-Not Available
Vendor-webdadosPT Woo Plugins (by Webdados)
Product-stock_exporter_for_woocommerceStock Exporter for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51713
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.77%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 11:58
Updated-11 May, 2026 | 21:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HQ60 Fidelity Card plugin <= 1.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TRe Technology And Research S.r.l. HQ60 Fidelity Card hq60-fidelity-card allows Reflected XSS.This issue affects HQ60 Fidelity Card: from n/a through <= 1.8.

Action-Not Available
Vendor-TRe Technology And Research S.r.l.
Product-HQ60 Fidelity Card
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-28992
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.98%
||
7 Day CHG~0.00%
Published-26 Jun, 2023 | 05:21
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Coupon Affiliates Plugin <= 5.4.3 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot Sowersby, RelyWP Coupon Affiliates – WooCommerce Affiliate Plugin plugin <= 5.4.3 versions.

Action-Not Available
Vendor-relywpElliot Sowersby, RelyWP
Product-coupon_affiliatesCoupon Affiliates – WooCommerce Affiliate Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51714
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.77%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 11:58
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress User Password Reset plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in techdabang User Password Reset user-password-reset allows Reflected XSS.This issue affects User Password Reset: from n/a through <= 1.0.

Action-Not Available
Vendor-techdabang
Product-User Password Reset
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-41749
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.1||HIGH
EPSS-0.07% / 20.94%
||
7 Day CHG+0.01%
Published-09 Dec, 2025 | 08:08
Updated-19 Dec, 2025 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected XSS vulnerability in port_util.php

An XSS vulnerability in port_util.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-fl_switch_2206c-2fxfl_switch_2206-2fx_stfl_switch_2206-2fx_smfl_switch_2406-2sfxfl_switch_2512-2gc-2sfp_firmwarefl_switch_2214-2fx_smfl_switch_2608_pnfl_switch_2105_firmwarefl_switch_2306-2sfp_pn_firmwarefl_switch_2316\/k1fl_nat_2208_firmwarefl_switch_2412-2tc-2sfx_firmwarefl_switch_2414-2sfxfl_switch_2506-2sfp_firmwarefl_switch_2206-2fxfl_switch_2708fl_switch_2304-2gc-2sfp_firmwarefl_switch_2508_firmwarefl_switch_2506-2sfp\/k1_firmwarefl_switch_2005fl_switch_2512-2gc-2sfpfl_nat_2008fl_switch_2516_pn_firmwarefl_switch_2312-2gc-2sfp_firmwarefl_nat_2304-2gc-2sfpfl_switch_2108_firmwarefl_switch_2608_firmwarefl_switch_2316_pnfl_switch_2008_firmwarefl_switch_2708_pn_firmwarefl_switch_2304-2gc-2sfpfl_switch_2516fl_switch_2207-fx_firmwarefl_switch_2214-2sfxfl_switch_2514-2sfp_firmwarefl_switch_2416_pn_firmwarefl_switch_2216_firmwarefl_switch_2408_pnfl_switch_2506-2sfp_pnfl_switch_2214-2sfx_pn_firmwarefl_switch_2206-2sfx_firmwarefl_switch_2206-2fx_sm_st_firmwarefl_switch_2204-2tc-2sfxfl_switch_2108fl_switch_2116_firmwarefl_switch_2212-2tc-2sfx_firmwarefl_switch_2208fl_nat_2208fl_switch_2205_firmwarefl_switch_2708_firmwarefl_switch_2504-2gc-2sfp_firmwarefl_switch_2406-2sfx_pn_firmwarefl_switch_2214-2fxfl_switch_2208_pn_firmwarefl_switch_2016fl_switch_2206-2sfx_pn_firmwarefl_switch_2206-2fx_st_firmwarefl_switch_2414-2sfx_pnfl_switch_2214-2sfx_pnfl_switch_2008f_firmwarefl_switch_2316_pn_firmwarefl_switch_2508\/k1fl_switch_2008fl_switch_2205fl_switch_2306-2sfpfl_switch_2416fl_switch_2314-2sfp_pnfl_switch_2316fl_switch_2308_firmwarefl_switch_2504-2gc-2sfpfl_switch_2105fl_switch_2206-2sfx_pnfl_switch_2214-2fx_firmwarefl_switch_2207-fx_sm_firmwarefl_switch_2408fl_switch_2206-2fx_sm_firmwarefl_switch_2306-2sfp_pnfl_switch_2506-2sfpfl_switch_2216fl_switch_2206-2sfxfl_switch_2406-2sfx_pnfl_switch_2408_pn_firmwarefl_switch_2308fl_nat_2008_firmwarefl_switch_2506-2sfp\/k1fl_switch_2212-2tc-2sfxfl_switch_2214-2sfx_firmwarefl_switch_2216_pnfl_switch_2016_firmwarefl_switch_2008ffl_switch_2416_firmwarefl_switch_2514-2sfpfl_switch_2608fl_switch_2312-2gc-2sfpfl_switch_2206-2fx_sm_stfl_switch_2514-2sfp_pn_firmwarefl_switch_2207-fxfl_switch_2208_pnfl_nat_2304-2gc-2sfp_firmwarefl_switch_2514-2sfp_pnfl_switch_2416_pnfl_switch_2508_pnfl_switch_2314-2sfp_pn_firmwarefl_switch_2206c-2fx_firmwarefl_switch_2206-2fx_firmwarefl_switch_2404-2tc-2sfxfl_switch_2608_pn_firmwarefl_switch_2005_firmwarefl_switch_2314-2sfp_firmwarefl_switch_2406-2sfx_firmwarefl_switch_2508fl_switch_2314-2sfpfl_switch_2116fl_switch_2216_pn_firmwarefl_switch_2204-2tc-2sfx_firmwarefl_switch_2308_pnfl_switch_2508\/k1_firmwarefl_switch_2316\/k1_firmwarefl_switch_2404-2tc-2sfx_firmwarefl_switch_2412-2tc-2sfxfl_switch_2306-2sfp_firmwarefl_switch_2208_firmwarefl_switch_2208c_firmwarefl_switch_2414-2sfx_pn_firmwarefl_switch_2214-2fx_sm_firmwarefl_switch_2508_pn_firmwarefl_switch_2516_pnfl_switch_2516_firmwarefl_switch_2308_pn_firmwarefl_switch_2208cfl_switch_2316_firmwarefl_switch_2303-8sp1fl_switch_2708_pnfl_switch_2207-fx_smfl_switch_2408_firmwarefl_switch_2414-2sfx_firmwarefl_switch_2506-2sfp_pn_firmwareFL SWITCH 2212-2TC-2SFXFL SWITCH 2205FL SWITCH 2304-2GC-2SFPFL SWITCH 2008FFL SWITCH 2516FL SWITCH 2214-2SFX PNFL SWITCH 2214-2SFXFL SWITCH 2306-2SFPFL SWITCH 2506-2SFPFL SWITCH 2312-2GC-2SFPFL SWITCH 2316/K1FL SWITCH 2206-2SFXFL SWITCH 2206-2FX SM STFL SWITCH 2416 PNFL SWITCH 2506-2SFP/K1FL SWITCH 2206-2FXFL SWITCH 2414-2SFX PNFL SWITCH 2416FL SWITCH 2206C-2FXFL SWITCH 2512-2GC-2SFPFL SWITCH 2208 PNFL SWITCH 2316FL SWITCH 2208CFL SWITCH 2414-2SFXFL SWITCH 2216 PNFL SWITCH 2506-2SFP PNFL SWITCH 2216FL SWITCH 2308 PNFL SWITCH 2005FL SWITCH 2316 PNFL SWITCH 2208FL SWITCH 2308FL SWITCH 2608FL SWITCH 2508/K1FL SWITCH 2206-2FX STFL SWITCH 2206-2FX SMFL SWITCH 2508FL NAT 2008FL SWITCH 2314-2SFPFL SWITCH 2408 PNFL SWITCH 2408FL SWITCH 2406-2SFX PNFL SWITCH 2516 PNFL SWITCH 2108FL SWITCH 2508 PNFL SWITCH 2504-2GC-2SFPFL SWITCH 2214-2FXFL SWITCH 2406-2SFXFL SWITCH 2008FL SWITCH 2116FL SWITCH 2207-FX SMFL SWITCH 2016FL SWITCH 2207-FXFL SWITCH 2514-2SFP PNFL SWITCH 2514-2SFPFL SWITCH 2206-2SFX PNFL SWITCH 2404-2TC-2SFXFL SWITCH 2708 PNFL SWITCH 2412-2TC-2SFXFL SWITCH 2306-2SFP PNFL SWITCH 2708FL NAT 2208FL SWITCH 2105FL SWITCH 2303-8SP1FL SWITCH 2314-2SFP PNFL SWITCH 2214-2FX SMFL NAT 2304-2GC-2SFPFL SWITCH 2608 PNFL SWITCH 2204-2TC-2SFX
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51691
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.77%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 12:51
Updated-11 May, 2026 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Admin Amplify plugin <= 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aryanduntley Admin Amplify wpr-admin-amplify allows Reflected XSS.This issue affects Admin Amplify: from n/a through <= 1.3.0.

Action-Not Available
Vendor-aryanduntley
Product-Admin Amplify
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-29430
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.98%
||
7 Day CHG~0.00%
Published-26 Jun, 2023 | 09:26
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TheRoof Theme <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CTHthemes TheRoof theme <= 1.0.3 versions.

Action-Not Available
Vendor-cththemesCTHthemes
Product-theroofTheRoof
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51779
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.77%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 09:23
Updated-12 May, 2026 | 23:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Don't Break The Code plugin <= .3.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Coleman Don't Break The Code dont-break-the-code allows Reflected XSS.This issue affects Don't Break The Code: from n/a through <= .3.1.

Action-Not Available
Vendor-Jason Coleman
Product-Don't Break The Code
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-41750
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.14%
||
7 Day CHG+0.02%
Published-09 Dec, 2025 | 08:07
Updated-19 Dec, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected XSS vulnerability in pxc_PortCfg.php

An XSS vulnerability in pxc_PortCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-fl_switch_2206c-2fxfl_switch_2206-2fx_stfl_switch_2206-2fx_smfl_switch_2406-2sfxfl_switch_2512-2gc-2sfp_firmwarefl_switch_2214-2fx_smfl_switch_2608_pnfl_switch_2105_firmwarefl_switch_2306-2sfp_pn_firmwarefl_switch_2316\/k1fl_nat_2208_firmwarefl_switch_2412-2tc-2sfx_firmwarefl_switch_2414-2sfxfl_switch_2506-2sfp_firmwarefl_switch_2206-2fxfl_switch_2708fl_switch_2304-2gc-2sfp_firmwarefl_switch_2508_firmwarefl_switch_2506-2sfp\/k1_firmwarefl_switch_2005fl_switch_2512-2gc-2sfpfl_nat_2008fl_switch_2516_pn_firmwarefl_switch_2312-2gc-2sfp_firmwarefl_nat_2304-2gc-2sfpfl_switch_2108_firmwarefl_switch_2608_firmwarefl_switch_2316_pnfl_switch_2008_firmwarefl_switch_2708_pn_firmwarefl_switch_2304-2gc-2sfpfl_switch_2516fl_switch_2207-fx_firmwarefl_switch_2214-2sfxfl_switch_2514-2sfp_firmwarefl_switch_2416_pn_firmwarefl_switch_2216_firmwarefl_switch_2408_pnfl_switch_2506-2sfp_pnfl_switch_2214-2sfx_pn_firmwarefl_switch_2206-2sfx_firmwarefl_switch_2206-2fx_sm_st_firmwarefl_switch_2204-2tc-2sfxfl_switch_2108fl_switch_2116_firmwarefl_switch_2212-2tc-2sfx_firmwarefl_switch_2208fl_nat_2208fl_switch_2205_firmwarefl_switch_2708_firmwarefl_switch_2504-2gc-2sfp_firmwarefl_switch_2406-2sfx_pn_firmwarefl_switch_2214-2fxfl_switch_2208_pn_firmwarefl_switch_2016fl_switch_2206-2sfx_pn_firmwarefl_switch_2206-2fx_st_firmwarefl_switch_2414-2sfx_pnfl_switch_2214-2sfx_pnfl_switch_2008f_firmwarefl_switch_2316_pn_firmwarefl_switch_2508\/k1fl_switch_2008fl_switch_2205fl_switch_2306-2sfpfl_switch_2416fl_switch_2314-2sfp_pnfl_switch_2316fl_switch_2308_firmwarefl_switch_2504-2gc-2sfpfl_switch_2105fl_switch_2206-2sfx_pnfl_switch_2214-2fx_firmwarefl_switch_2207-fx_sm_firmwarefl_switch_2408fl_switch_2206-2fx_sm_firmwarefl_switch_2306-2sfp_pnfl_switch_2506-2sfpfl_switch_2216fl_switch_2206-2sfxfl_switch_2406-2sfx_pnfl_switch_2408_pn_firmwarefl_switch_2308fl_nat_2008_firmwarefl_switch_2506-2sfp\/k1fl_switch_2212-2tc-2sfxfl_switch_2214-2sfx_firmwarefl_switch_2216_pnfl_switch_2016_firmwarefl_switch_2008ffl_switch_2416_firmwarefl_switch_2514-2sfpfl_switch_2608fl_switch_2312-2gc-2sfpfl_switch_2206-2fx_sm_stfl_switch_2514-2sfp_pn_firmwarefl_switch_2207-fxfl_switch_2208_pnfl_nat_2304-2gc-2sfp_firmwarefl_switch_2514-2sfp_pnfl_switch_2416_pnfl_switch_2508_pnfl_switch_2314-2sfp_pn_firmwarefl_switch_2206c-2fx_firmwarefl_switch_2206-2fx_firmwarefl_switch_2404-2tc-2sfxfl_switch_2608_pn_firmwarefl_switch_2005_firmwarefl_switch_2314-2sfp_firmwarefl_switch_2406-2sfx_firmwarefl_switch_2508fl_switch_2314-2sfpfl_switch_2116fl_switch_2216_pn_firmwarefl_switch_2204-2tc-2sfx_firmwarefl_switch_2308_pnfl_switch_2508\/k1_firmwarefl_switch_2316\/k1_firmwarefl_switch_2404-2tc-2sfx_firmwarefl_switch_2412-2tc-2sfxfl_switch_2306-2sfp_firmwarefl_switch_2208_firmwarefl_switch_2208c_firmwarefl_switch_2414-2sfx_pn_firmwarefl_switch_2214-2fx_sm_firmwarefl_switch_2508_pn_firmwarefl_switch_2516_pnfl_switch_2516_firmwarefl_switch_2308_pn_firmwarefl_switch_2208cfl_switch_2316_firmwarefl_switch_2303-8sp1fl_switch_2708_pnfl_switch_2207-fx_smfl_switch_2408_firmwarefl_switch_2414-2sfx_firmwarefl_switch_2506-2sfp_pn_firmwareFL SWITCH 2212-2TC-2SFXFL SWITCH 2205FL SWITCH 2304-2GC-2SFPFL SWITCH 2008FFL SWITCH 2516FL SWITCH 2214-2SFX PNFL SWITCH 2214-2SFXFL SWITCH 2306-2SFPFL SWITCH 2506-2SFPFL SWITCH 2312-2GC-2SFPFL SWITCH 2316/K1FL SWITCH 2206-2SFXFL SWITCH 2206-2FX SM STFL SWITCH 2416 PNFL SWITCH 2506-2SFP/K1FL SWITCH 2206-2FXFL SWITCH 2414-2SFX PNFL SWITCH 2416FL SWITCH 2206C-2FXFL SWITCH 2512-2GC-2SFPFL SWITCH 2208 PNFL SWITCH 2316FL SWITCH 2208CFL SWITCH 2414-2SFXFL SWITCH 2216 PNFL SWITCH 2506-2SFP PNFL SWITCH 2216FL SWITCH 2308 PNFL SWITCH 2005FL SWITCH 2316 PNFL SWITCH 2208FL SWITCH 2308FL SWITCH 2608FL SWITCH 2508/K1FL SWITCH 2206-2FX STFL SWITCH 2206-2FX SMFL SWITCH 2508FL NAT 2008FL SWITCH 2314-2SFPFL SWITCH 2408 PNFL SWITCH 2408FL SWITCH 2406-2SFX PNFL SWITCH 2516 PNFL SWITCH 2108FL SWITCH 2508 PNFL SWITCH 2504-2GC-2SFPFL SWITCH 2214-2FXFL SWITCH 2406-2SFXFL SWITCH 2008FL SWITCH 2116FL SWITCH 2207-FX SMFL SWITCH 2016FL SWITCH 2207-FXFL SWITCH 2514-2SFP PNFL SWITCH 2514-2SFPFL SWITCH 2206-2SFX PNFL SWITCH 2404-2TC-2SFXFL SWITCH 2708 PNFL SWITCH 2412-2TC-2SFXFL SWITCH 2306-2SFP PNFL SWITCH 2708FL NAT 2208FL SWITCH 2105FL SWITCH 2303-8SP1FL SWITCH 2314-2SFP PNFL SWITCH 2214-2FX SMFL NAT 2304-2GC-2SFPFL SWITCH 2608 PNFL SWITCH 2204-2TC-2SFX
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51693
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.77%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 12:46
Updated-12 May, 2026 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Search order by product SKU for WooCommerce plugin <= 0.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in labdav Search order by product SKU for WooCommerce search-order-by-product-sku-for-woocommerce allows Reflected XSS.This issue affects Search order by product SKU for WooCommerce: from n/a through <= 0.2.

Action-Not Available
Vendor-labdav
Product-Search order by product SKU for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51694
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.77%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 12:41
Updated-11 May, 2026 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Geotagged Media plugin <= 0.3.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digitalfisherman Geotagged Media geotagged-media allows Reflected XSS.This issue affects Geotagged Media: from n/a through <= 0.3.0.

Action-Not Available
Vendor-digitalfisherman
Product-Geotagged Media
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-41695
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.58%
||
7 Day CHG+0.01%
Published-09 Dec, 2025 | 08:10
Updated-19 Dec, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected XSS vulnerability in dyn_conn.php

An XSS vulnerability in dyn_conn.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-fl_switch_2206c-2fxfl_switch_2206-2fx_stfl_switch_2206-2fx_smfl_switch_2406-2sfxfl_switch_2512-2gc-2sfp_firmwarefl_switch_2214-2fx_smfl_switch_2608_pnfl_switch_2105_firmwarefl_switch_2306-2sfp_pn_firmwarefl_nat_2208_firmwarefl_switch_2316\/k1fl_switch_2412-2tc-2sfx_firmwarefl_switch_2414-2sfxfl_switch_2506-2sfp_firmwarefl_switch_2206-2fxfl_switch_2708fl_switch_2304-2gc-2sfp_firmwarefl_switch_2508_firmwarefl_switch_2506-2sfp\/k1_firmwarefl_switch_2005fl_switch_2512-2gc-2sfpfl_nat_2008fl_switch_2516_pn_firmwarefl_switch_2312-2gc-2sfp_firmwarefl_nat_2304-2gc-2sfpfl_switch_2108_firmwarefl_switch_2608_firmwarefl_switch_2316_pnfl_switch_2008_firmwarefl_switch_2708_pn_firmwarefl_switch_2304-2gc-2sfpfl_switch_2516fl_switch_2207-fx_firmwarefl_switch_2214-2sfxfl_switch_2514-2sfp_firmwarefl_switch_2416_pn_firmwarefl_switch_2216_firmwarefl_switch_2408_pnfl_switch_2506-2sfp_pnfl_switch_2214-2sfx_pn_firmwarefl_switch_2206-2sfx_firmwarefl_switch_2206-2fx_sm_st_firmwarefl_switch_2204-2tc-2sfxfl_switch_2108fl_switch_2116_firmwarefl_switch_2212-2tc-2sfx_firmwarefl_switch_2208fl_nat_2208fl_switch_2205_firmwarefl_switch_2708_firmwarefl_switch_2504-2gc-2sfp_firmwarefl_switch_2406-2sfx_pn_firmwarefl_switch_2214-2fxfl_switch_2208_pn_firmwarefl_switch_2016fl_switch_2206-2sfx_pn_firmwarefl_switch_2206-2fx_st_firmwarefl_switch_2414-2sfx_pnfl_switch_2214-2sfx_pnfl_switch_2008f_firmwarefl_switch_2316_pn_firmwarefl_switch_2508\/k1fl_switch_2008fl_switch_2205fl_switch_2306-2sfpfl_switch_2416fl_switch_2314-2sfp_pnfl_switch_2316fl_switch_2308_firmwarefl_switch_2504-2gc-2sfpfl_switch_2105fl_switch_2206-2sfx_pnfl_switch_2214-2fx_firmwarefl_switch_2207-fx_sm_firmwarefl_switch_2408fl_switch_2206-2fx_sm_firmwarefl_switch_2306-2sfp_pnfl_switch_2506-2sfpfl_switch_2216fl_switch_2206-2sfxfl_switch_2406-2sfx_pnfl_switch_2408_pn_firmwarefl_switch_2308fl_nat_2008_firmwarefl_switch_2506-2sfp\/k1fl_switch_2212-2tc-2sfxfl_switch_2214-2sfx_firmwarefl_switch_2216_pnfl_switch_2016_firmwarefl_switch_2008ffl_switch_2416_firmwarefl_switch_2514-2sfpfl_switch_2608fl_switch_2312-2gc-2sfpfl_switch_2206-2fx_sm_stfl_switch_2514-2sfp_pn_firmwarefl_switch_2207-fxfl_nat_2304-2gc-2sfp_firmwarefl_switch_2208_pnfl_switch_2514-2sfp_pnfl_switch_2416_pnfl_switch_2508_pnfl_switch_2314-2sfp_pn_firmwarefl_switch_2206c-2fx_firmwarefl_switch_2206-2fx_firmwarefl_switch_2404-2tc-2sfxfl_switch_2608_pn_firmwarefl_switch_2005_firmwarefl_switch_2314-2sfp_firmwarefl_switch_2406-2sfx_firmwarefl_switch_2508fl_switch_2314-2sfpfl_switch_2116fl_switch_2216_pn_firmwarefl_switch_2204-2tc-2sfx_firmwarefl_switch_2308_pnfl_switch_2508\/k1_firmwarefl_switch_2316\/k1_firmwarefl_switch_2404-2tc-2sfx_firmwarefl_switch_2412-2tc-2sfxfl_switch_2306-2sfp_firmwarefl_switch_2208_firmwarefl_switch_2208c_firmwarefl_switch_2414-2sfx_pn_firmwarefl_switch_2214-2fx_sm_firmwarefl_switch_2508_pn_firmwarefl_switch_2516_pnfl_switch_2516_firmwarefl_switch_2308_pn_firmwarefl_switch_2208cfl_switch_2316_firmwarefl_switch_2303-8sp1fl_switch_2708_pnfl_switch_2207-fx_smfl_switch_2408_firmwarefl_switch_2414-2sfx_firmwarefl_switch_2506-2sfp_pn_firmwareFL SWITCH 2212-2TC-2SFXFL SWITCH 2205FL SWITCH 2304-2GC-2SFPFL SWITCH 2008FFL SWITCH 2516FL SWITCH 2214-2SFX PNFL SWITCH 2214-2SFXFL SWITCH 2306-2SFPFL SWITCH 2506-2SFPFL SWITCH 2312-2GC-2SFPFL SWITCH 2316/K1FL SWITCH 2206-2SFXFL SWITCH 2206-2FX SM STFL SWITCH 2416 PNFL SWITCH 2506-2SFP/K1FL SWITCH 2206-2FXFL SWITCH 2414-2SFX PNFL SWITCH 2416FL SWITCH 2206C-2FXFL SWITCH 2512-2GC-2SFPFL SWITCH 2208 PNFL SWITCH 2316FL SWITCH 2208CFL SWITCH 2414-2SFXFL SWITCH 2216 PNFL SWITCH 2506-2SFP PNFL SWITCH 2216FL SWITCH 2308 PNFL SWITCH 2005FL SWITCH 2316 PNFL SWITCH 2208FL SWITCH 2308FL SWITCH 2608FL SWITCH 2508/K1FL SWITCH 2206-2FX STFL SWITCH 2206-2FX SMFL SWITCH 2508FL NAT 2008FL SWITCH 2314-2SFPFL SWITCH 2408 PNFL SWITCH 2408FL SWITCH 2406-2SFX PNFL SWITCH 2516 PNFL SWITCH 2108FL SWITCH 2508 PNFL SWITCH 2504-2GC-2SFPFL SWITCH 2214-2FXFL SWITCH 2406-2SFXFL SWITCH 2008FL SWITCH 2116FL SWITCH 2207-FX SMFL SWITCH 2016FL SWITCH 2207-FXFL SWITCH 2514-2SFP PNFL SWITCH 2514-2SFPFL SWITCH 2206-2SFX PNFL SWITCH 2404-2TC-2SFXFL SWITCH 2708 PNFL SWITCH 2412-2TC-2SFXFL SWITCH 2306-2SFP PNFL SWITCH 2708FL NAT 2208FL SWITCH 2105FL SWITCH 2303-8SP1FL SWITCH 2314-2SFP PNFL SWITCH 2214-2FX SMFL NAT 2304-2GC-2SFPFL SWITCH 2608 PNFL SWITCH 2204-2TC-2SFX
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51712
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.77%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 11:59
Updated-11 May, 2026 | 21:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Jigoshop plugin <= 1.4.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Visser Jigoshop – Store Toolkit jigoshop-store-toolkit allows Reflected XSS.This issue affects Jigoshop – Store Toolkit: from n/a through <= 1.4.0.

Action-Not Available
Vendor-Michael Visser
Product-Jigoshop – Store Toolkit
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-52455
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.20% / 41.37%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:49
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GoQSmile plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in goqsystem GoQSmile goqsmile allows Reflected XSS.This issue affects GoQSmile: from n/a through <= 1.0.1.

Action-Not Available
Vendor-goqsystem
Product-GoQSmile
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-46456
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.18% / 39.94%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:43
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Theme Blvd Sliders plugin <= 1.2.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Theme Blvd Sliders theme-blvd-sliders allows Reflected XSS.This issue affects Theme Blvd Sliders: from n/a through <= 1.2.5.

Action-Not Available
Vendor-Jason
Product-Theme Blvd Sliders
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-28779
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.79%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 12:57
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Terms descriptions Plugin <= 3.4.4 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vladimir Statsenko Terms descriptions plugin <= 3.4.4 versions.

Action-Not Available
Vendor-simplecodingVladimir Statsenko
Product-terms_descriptionsTerms descriptions
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-41748
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.1||HIGH
EPSS-0.12% / 31.14%
||
7 Day CHG+0.02%
Published-09 Dec, 2025 | 08:09
Updated-19 Dec, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected XSS vulnerability in pxc_Dot1xCfg.php

An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-fl_switch_2206c-2fxfl_switch_2206-2fx_stfl_switch_2206-2fx_smfl_switch_2406-2sfxfl_switch_2512-2gc-2sfp_firmwarefl_switch_2214-2fx_smfl_switch_2608_pnfl_switch_2105_firmwarefl_switch_2306-2sfp_pn_firmwarefl_nat_2208_firmwarefl_switch_2414-2sfxfl_switch_2412-2tc-2sfx_firmwarefl_switch_2506-2sfp_firmwarefl_switch_2316\/k1fl_switch_2206-2fxfl_switch_2708fl_switch_2304-2gc-2sfp_firmwarefl_switch_2508_firmwarefl_switch_2506-2sfp\/k1_firmwarefl_switch_2005fl_switch_2512-2gc-2sfpfl_nat_2008fl_switch_2516_pn_firmwarefl_switch_2312-2gc-2sfp_firmwarefl_nat_2304-2gc-2sfpfl_switch_2608_firmwarefl_switch_2108_firmwarefl_switch_2316_pnfl_switch_2008_firmwarefl_switch_2708_pn_firmwarefl_switch_2516fl_switch_2304-2gc-2sfpfl_switch_2207-fx_firmwarefl_switch_2214-2sfxfl_switch_2514-2sfp_firmwarefl_switch_2416_pn_firmwarefl_switch_2216_firmwarefl_switch_2506-2sfp_pnfl_switch_2408_pnfl_switch_2214-2sfx_pn_firmwarefl_switch_2206-2sfx_firmwarefl_switch_2206-2fx_sm_st_firmwarefl_switch_2204-2tc-2sfxfl_switch_2108fl_switch_2116_firmwarefl_switch_2212-2tc-2sfx_firmwarefl_switch_2208fl_nat_2208fl_switch_2205_firmwarefl_switch_2708_firmwarefl_switch_2504-2gc-2sfp_firmwarefl_switch_2406-2sfx_pn_firmwarefl_switch_2214-2fxfl_switch_2208_pn_firmwarefl_switch_2016fl_switch_2206-2sfx_pn_firmwarefl_switch_2206-2fx_st_firmwarefl_switch_2414-2sfx_pnfl_switch_2214-2sfx_pnfl_switch_2008f_firmwarefl_switch_2316_pn_firmwarefl_switch_2508\/k1fl_switch_2008fl_switch_2205fl_switch_2306-2sfpfl_switch_2416fl_switch_2314-2sfp_pnfl_switch_2316fl_switch_2504-2gc-2sfpfl_switch_2308_firmwarefl_switch_2105fl_switch_2206-2sfx_pnfl_switch_2214-2fx_firmwarefl_switch_2207-fx_sm_firmwarefl_switch_2408fl_switch_2206-2fx_sm_firmwarefl_switch_2306-2sfp_pnfl_switch_2506-2sfpfl_switch_2216fl_switch_2206-2sfxfl_switch_2406-2sfx_pnfl_switch_2408_pn_firmwarefl_switch_2308fl_nat_2008_firmwarefl_switch_2506-2sfp\/k1fl_switch_2212-2tc-2sfxfl_switch_2214-2sfx_firmwarefl_switch_2216_pnfl_switch_2016_firmwarefl_switch_2008ffl_switch_2416_firmwarefl_switch_2514-2sfpfl_switch_2608fl_switch_2312-2gc-2sfpfl_switch_2206-2fx_sm_stfl_switch_2514-2sfp_pn_firmwarefl_switch_2207-fxfl_nat_2304-2gc-2sfp_firmwarefl_switch_2208_pnfl_switch_2514-2sfp_pnfl_switch_2416_pnfl_switch_2508_pnfl_switch_2314-2sfp_pn_firmwarefl_switch_2206c-2fx_firmwarefl_switch_2206-2fx_firmwarefl_switch_2608_pn_firmwarefl_switch_2404-2tc-2sfxfl_switch_2005_firmwarefl_switch_2508fl_switch_2314-2sfp_firmwarefl_switch_2406-2sfx_firmwarefl_switch_2314-2sfpfl_switch_2116fl_switch_2216_pn_firmwarefl_switch_2204-2tc-2sfx_firmwarefl_switch_2308_pnfl_switch_2508\/k1_firmwarefl_switch_2316\/k1_firmwarefl_switch_2404-2tc-2sfx_firmwarefl_switch_2412-2tc-2sfxfl_switch_2306-2sfp_firmwarefl_switch_2208_firmwarefl_switch_2208c_firmwarefl_switch_2414-2sfx_pn_firmwarefl_switch_2214-2fx_sm_firmwarefl_switch_2508_pn_firmwarefl_switch_2516_pnfl_switch_2516_firmwarefl_switch_2308_pn_firmwarefl_switch_2208cfl_switch_2316_firmwarefl_switch_2708_pnfl_switch_2303-8sp1fl_switch_2207-fx_smfl_switch_2408_firmwarefl_switch_2414-2sfx_firmwarefl_switch_2506-2sfp_pn_firmwareFL SWITCH 2212-2TC-2SFXFL SWITCH 2205FL SWITCH 2304-2GC-2SFPFL SWITCH 2008FFL SWITCH 2516FL SWITCH 2214-2SFX PNFL SWITCH 2214-2SFXFL SWITCH 2306-2SFPFL SWITCH 2506-2SFPFL SWITCH 2312-2GC-2SFPFL SWITCH 2316/K1FL SWITCH 2206-2SFXFL SWITCH 2206-2FX SM STFL SWITCH 2416 PNFL SWITCH 2506-2SFP/K1FL SWITCH 2206-2FXFL SWITCH 2414-2SFX PNFL SWITCH 2416FL SWITCH 2206C-2FXFL SWITCH 2512-2GC-2SFPFL SWITCH 2208 PNFL SWITCH 2316FL SWITCH 2208CFL SWITCH 2414-2SFXFL SWITCH 2216 PNFL SWITCH 2506-2SFP PNFL SWITCH 2216FL SWITCH 2308 PNFL SWITCH 2005FL SWITCH 2316 PNFL SWITCH 2208FL SWITCH 2308FL SWITCH 2608FL SWITCH 2508/K1FL SWITCH 2206-2FX STFL SWITCH 2206-2FX SMFL SWITCH 2508FL NAT 2008FL SWITCH 2314-2SFPFL SWITCH 2408 PNFL SWITCH 2408FL SWITCH 2406-2SFX PNFL SWITCH 2516 PNFL SWITCH 2108FL SWITCH 2508 PNFL SWITCH 2504-2GC-2SFPFL SWITCH 2214-2FXFL SWITCH 2406-2SFXFL SWITCH 2008FL SWITCH 2116FL SWITCH 2207-FX SMFL SWITCH 2016FL SWITCH 2207-FXFL SWITCH 2514-2SFP PNFL SWITCH 2514-2SFPFL SWITCH 2206-2SFX PNFL SWITCH 2404-2TC-2SFXFL SWITCH 2708 PNFL SWITCH 2412-2TC-2SFXFL SWITCH 2306-2SFP PNFL SWITCH 2708FL NAT 2208FL SWITCH 2105FL SWITCH 2303-8SP1FL SWITCH 2314-2SFP PNFL SWITCH 2214-2FX SMFL NAT 2304-2GC-2SFPFL SWITCH 2608 PNFL SWITCH 2204-2TC-2SFX
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51781
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.77%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 09:20
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Firework Shoppable Live Video plugin <= 6.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stefan Backor Firework Shoppable Live Video firework-videos allows Reflected XSS.This issue affects Firework Shoppable Live Video: from n/a through <= 6.3.

Action-Not Available
Vendor-Stefan Backor
Product-Firework Shoppable Live Video
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-28776
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.68%
||
7 Day CHG~0.00%
Published-22 Jun, 2023 | 11:29
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Continuous Image Carousel With Lightbox Plugin <= 1.0.15 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin <= 1.0.15 versions.

Action-Not Available
Vendor-i13websolutionI Thirteen Web Solution
Product-continuous_image_carousel_with_lightboxContinuous Image Carousel With Lightbox
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-46494
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.01%
||
7 Day CHG~0.00%
Published-07 Jan, 2026 | 12:37
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WidgetKit Pro plugin <= 1.13.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesgrove WidgetKit Pro allows Reflected XSS.This issue affects WidgetKit Pro: from n/a through 1.13.1.

Action-Not Available
Vendor-Themesgrove
Product-WidgetKit Pro
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-52468
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 25.07%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:49
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LeadBoxer plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LeadBoxer LeadBoxer leadboxer allows Reflected XSS.This issue affects LeadBoxer: from n/a through <= 1.3.

Action-Not Available
Vendor-LeadBoxer
Product-LeadBoxer
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-28784
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.68%
||
7 Day CHG~0.00%
Published-22 Jun, 2023 | 11:21
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contest Gallery Plugin <= 21.1.2 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 21.1.2 versions.

Action-Not Available
Vendor-contest-galleryContest Gallery
Product-contest_galleryContest Gallery
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-28166
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.98%
||
7 Day CHG~0.00%
Published-22 Jun, 2023 | 08:05
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tags Cloud Manager Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aakif Kadiwala Tags Cloud Manager plugin <= 1.0.0 versions.

Action-Not Available
Vendor-tags_cloud_manager_projectAakif Kadiwala
Product-tags_cloud_managerTags Cloud Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51697
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.77%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 12:37
Updated-11 May, 2026 | 21:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Doofinder plugin <= 0.5.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Doofinder Doofinder doofinder allows Reflected XSS.This issue affects Doofinder: from n/a through <= 0.5.4.

Action-Not Available
Vendor-Doofinder
Product-Doofinder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-52418
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.77%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 21:24
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gameplan theme <= 1.5.10 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CactusThemes Gameplan gameplan allows Reflected XSS.This issue affects Gameplan: from n/a through <= 1.5.10.

Action-Not Available
Vendor-CactusThemes
Product-Gameplan
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-52462
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.20% / 41.37%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:49
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP e-Commerce Style Email plugin <= 0.6.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jacob Schwartz WP e-Commerce Style Email wp-e-commerce-style-email allows Reflected XSS.This issue affects WP e-Commerce Style Email: from n/a through <= 0.6.2.

Action-Not Available
Vendor-Jacob Schwartz
Product-WP e-Commerce Style Email
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-52452
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.20% / 41.37%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:49
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Open edX LMS plugin <= 2.6.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eduNEXT Open edX LMS allows Reflected XSS.This issue affects Open edX LMS: from n/a through 2.6.1.

Action-Not Available
Vendor-eduNEXT
Product-Open edX LMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-5151
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.18% / 38.69%
||
7 Day CHG~0.00%
Published-13 Jul, 2024 | 06:00
Updated-13 May, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SULly < 4.3.1 - Admin+ Stored XSS

The SULly WordPress plugin before 4.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Action-Not Available
Vendor-toolstackUnknowntoolstack
Product-sullySULlysully
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51690
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.77%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 12:52
Updated-12 May, 2026 | 23:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wp Slide Categorywise plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in neelam.samariya Wp Slide Categorywise wp-slide-categorywise allows Reflected XSS.This issue affects Wp Slide Categorywise: from n/a through <= 1.1.

Action-Not Available
Vendor-neelam.samariya
Product-Wp Slide Categorywise
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51709
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.24% / 47.48%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 12:08
Updated-12 May, 2026 | 23:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TeleAdmin plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mariandz TeleAdmin teleadmin allows Reflected XSS.This issue affects TeleAdmin: from n/a through <= 1.0.0.

Action-Not Available
Vendor-mariandz
Product-TeleAdmin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-52459
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.20% / 41.37%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:49
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Chameleoni Jobs plugin <= 2.5.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chameleoni Chameleoni Jobs chameleon-jobs allows Reflected XSS.This issue affects Chameleoni Jobs: from n/a through <= 2.5.4.

Action-Not Available
Vendor-Chameleoni
Product-Chameleoni Jobs
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51759
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.77%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 11:51
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SVT Simple plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Detlef Beyer SVT Simple svt-simple allows Reflected XSS.This issue affects SVT Simple: from n/a through <= 1.0.1.

Action-Not Available
Vendor-Detlef Beyer
Product-SVT Simple
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51696
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.77%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 12:38
Updated-11 May, 2026 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Content Syndication Toolkit Reader plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ben.moody Content Syndication Toolkit Reader content-syndication-toolkit-reader allows Reflected XSS.This issue affects Content Syndication Toolkit Reader: from n/a through <= 1.5.

Action-Not Available
Vendor-ben.moody
Product-Content Syndication Toolkit Reader
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51761
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.77%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 11:49
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPHelpful plugin <= 1.2.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zackgilbert WPHelpful wphelpful allows Stored XSS.This issue affects WPHelpful: from n/a through <= 1.2.4.

Action-Not Available
Vendor-zackgilbert
Product-WPHelpful
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-52464
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.20% / 41.37%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:49
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress amr shortcodes plugin <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anmari amr shortcodes amr-shortcodes allows Reflected XSS.This issue affects amr shortcodes: from n/a through <= 1.7.

Action-Not Available
Vendor-anmari
Product-amr shortcodes
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 48
  • 49
  • Next
Details not found