ByteOS Network

Vulnerability Details :

CVE-2025-31605

Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3

Published At-31 Mar, 2025 | 12:55

Updated At-28 Apr, 2026 | 16:12

WordPress Welcome Popup plugin <= 1.0.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WeblineIndia Welcome Popup welcome-popup allows Stored XSS.This issue affects Welcome Popup: from n/a through <= 1.0.10.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Patchstack

Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3

Published At:31 Mar, 2025 | 12:55

Updated At:28 Apr, 2026 | 16:12

▼CVE Numbering Authority (CNA)

WordPress Welcome Popup plugin <= 1.0.10 - Cross Site Scripting (XSS) vulnerability

Affected Products

Vendor

WeblineIndia

Product

Welcome Popup

Collection URL

https://wordpress.org/plugins

Package Name

welcome-popup

Default Status

unaffected

Versions

Affected

From 0 through 1.0.10 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Type: CWE

CWE ID: CWE-79

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Metrics

Version	Base score	Base severity	Vector
3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Impacts

CAPEC ID	Description
CAPEC-592	Stored XSS

CAPEC ID: CAPEC-592

Description: Stored XSS

Credits

finder

Pham Van Tam | Patchstack Bug Bounty Program

References

Hyperlink	Resource
https://patchstack.com/database/Wordpress/Plugin/welcome-popup/vulnerability/wordpress-welcome-popup-plugin-1-0-10-cross-site-scripting-xss-vulnerability?_s_id=cve	vdb-entry

Hyperlink: https://patchstack.com/database/Wordpress/Plugin/welcome-popup/vulnerability/wordpress-welcome-popup-plugin-1-0-10-cross-site-scripting-xss-vulnerability?_s_id=cve

Resource:

vdb-entry

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:audit@patchstack.com

Published At:31 Mar, 2025 | 13:15

Updated At:23 Apr, 2026 | 15:28

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Weaknesses

CWE ID	Type	Source
CWE-79	Secondary	audit@patchstack.com

CWE ID: CWE-79

Type: Secondary

Source: audit@patchstack.com

References

Hyperlink	Source	Resource
https://patchstack.com/database/Wordpress/Plugin/welcome-popup/vulnerability/wordpress-welcome-popup-plugin-1-0-10-cross-site-scripting-xss-vulnerability?_s_id=cve	audit@patchstack.com	N/A

Hyperlink: https://patchstack.com/database/Wordpress/Plugin/welcome-popup/vulnerability/wordpress-welcome-popup-plugin-1-0-10-cross-site-scripting-xss-vulnerability?_s_id=cve

Source: audit@patchstack.com

Resource: N/A

Similar CVEs

1265Records found

CVE-2023-24383

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 53.42%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 10:12

Updated-28 Apr, 2026 | 16:08

WordPress Namaste! LMS Plugin <= 2.5.9.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Namaste! LMS plugin <= 2.5.9.1 versions.

Vendor-kibokolabs Kiboko Labs

Product-namaste\!_lms Namaste! LMS

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24376

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 53.42%

7 Day CHG~0.00%

Published-08 May, 2023 | 21:37

Updated-28 Apr, 2026 | 16:08

WordPress WP Simple Events Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nico Graff WP Simple Events plugin <= 1.0 versions.

Vendor-wp_simple_events_project Nico Graff

Product-wp_simple_events WP Simple Events

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24401

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.64%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 15:48

Updated-28 Apr, 2026 | 16:08

WordPress Mobile Call Now & Map Buttons Plugin <= 1.5.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davidsword Mobile Call Now & Map Buttons plugin <= 1.5.0 versions.

Vendor-davidsword Davidsword

Product-mobile_call_now_\&_map_buttons Mobile Call Now & Map Buttons

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24372

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 53.42%

7 Day CHG~0.00%

Published-09 May, 2023 | 10:44

Updated-28 Apr, 2026 | 16:08

WordPress Simple Custom Author Profiles Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in USB Memory Direct Simple Custom Author Profiles plugin <= 1.0.0 versions.

Vendor-usbmemorydirect USB Memory Direct

Product-simple_custom_author_profiles Simple Custom Author Profiles

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24396

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 53.42%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 13:14

Updated-28 Apr, 2026 | 16:08

WordPress VikBooking Hotel Booking Engine & PMS Plugin <= 1.5.11 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.11 versions.

Vendor-vikwp E4J s.r.l.

Product-vikbooking_hotel_booking_engine_\&_pms VikBooking Hotel Booking Engine & PMS

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24412

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.64%

7 Day CHG~0.00%

Published-01 Sep, 2023 | 10:44

Updated-28 Apr, 2026 | 16:08

WordPress Image Social Feed Plugin Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Image Social Feed plugin <= 1.7.6 versions.

Vendor-web-settler Web-Settler

Product-image_social_feed Image Social Feed

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24394

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 20.65%

7 Day CHG+0.01%

Published-25 Aug, 2023 | 10:23

Updated-28 Apr, 2026 | 16:08

WordPress iframe popup Plugin <= 3.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy iframe popup plugin <= 3.3 versions.

Vendor-iframe_project Gopi Ramasamy

Product-iframe iframe popup

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-31464

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.24% / 46.42%

7 Day CHG~0.00%

Published-28 Mar, 2025 | 11:54

Updated-28 Apr, 2026 | 16:12

WordPress Text Selection Color plugin <= 1.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nazmur Rahman Text Selection Color text-selection-color allows Stored XSS.This issue affects Text Selection Color: from n/a through <= 1.6.

Vendor-Nazmur Rahman

Product-Text Selection Color

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-43967

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.12% / 29.83%

7 Day CHG~0.00%

Published-26 Aug, 2024 | 15:12

Updated-28 Apr, 2026 | 16:10

WordPress WP Testimonial Widget plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Stark Digital WP Testimonial Widget allows Stored XSS.This issue affects WP Testimonial Widget: from n/a through 3.1.

Vendor-starkdigital Stark Digital

Product-wp_testimonial_widget WP Testimonial Widget

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25049

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 53.29%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 11:12

Updated-28 Apr, 2026 | 16:08

WordPress eCommerce Product Catalog Plugin <= 3.3.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.4 versions.

Vendor-implecode impleCode

Product-ecommerce_product_catalog eCommerce Product Catalog Plugin for WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24398

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 53.42%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 09:20

Updated-28 Apr, 2026 | 16:08

WordPress EZP Coming Soon Page Plugin <= 1.0.7.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap Creek Software EZP Coming Soon Page plugin <= 1.0.7.3 versions.

Vendor-Snap Creek, LLC (Duplicator)

Product-ezp_coming_soon_page EZP Coming Soon Page

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-31471

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.27% / 50.71%

7 Day CHG~0.00%

Published-28 Mar, 2025 | 11:54

Updated-28 Apr, 2026 | 16:12

WordPress Duplicate Page and Post plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Falcon Solutions Duplicate Page and Post duplicate-post-and-page allows Stored XSS.This issue affects Duplicate Page and Post: from n/a through <= 1.0.

Vendor-Falcon Solutions

Product-Duplicate Page and Post

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24389

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.09% / 24.65%

7 Day CHG~0.00%

Published-10 Aug, 2023 | 09:01

Updated-28 Apr, 2026 | 16:08

WordPress Social Proof (Testimonial) Slider Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in brandiD Social Proof (Testimonial) Slider plugin <= 2.2.3 versions.

Vendor-brandid brandiD

Product-social_proof_\(testimonial\)_slider Social Proof (Testimonial) Slider

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2026-6370

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.04% / 10.92%

7 Day CHG~0.00%

Published-15 Apr, 2026 | 16:02

Updated-22 Apr, 2026 | 20:23

WordPress Mini Ajax Cart for WooCommerce plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Mini Ajax Cart for WooCommerce allows Stored XSS.This issue affects Mini Ajax Cart for WooCommerce: from n/a through 1.3.4.

Vendor-HashThemes

Product-Mini Ajax Cart for WooCommerce

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-44046

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.12% / 29.89%

7 Day CHG~0.00%

Published-06 Oct, 2024 | 11:48

Updated-28 Apr, 2026 | 16:10

WordPress Themify plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify – WooCommerce Product Filter themify-wc-product-filter allows Stored XSS.This issue affects Themify – WooCommerce Product Filter: from n/a through <= 1.5.1.

Vendor-themify themifyme

Product-woocommerce_product_filter Themify – WooCommerce Product Filter

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23785

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.88%

7 Day CHG~0.00%

Published-03 May, 2023 | 14:12

Updated-28 Apr, 2026 | 16:08

WordPress Exquisite PayPal Donation Plugin <= v2.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DgCult Exquisite PayPal Donation plugin <= v2.0.0 versions.

Vendor-exquisite_paypal_donation_project DgCult

Product-exquisite_paypal_donation Exquisite PayPal Donation

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23718

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.88%

7 Day CHG~0.00%

Published-20 Mar, 2023 | 11:22

Updated-28 Apr, 2026 | 16:08

WordPress Page Loading Effects Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Esstat17 Page Loading Effects plugin <= 2.0.0 versions.

Vendor-page_loading_effects_project Esstat17

Product-page_loading_effects Page Loading Effects

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23789

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.88%

7 Day CHG~0.00%

Published-10 May, 2023 | 07:28

Updated-28 Apr, 2026 | 16:08

WordPress Premmerce Redirect Manager Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Premmerce Premmerce Redirect Manager plugin <= 1.0.9 versions.

Vendor-premmerce Premmerce

Product-premmerce_redirect_manager Premmerce Redirect Manager

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23972

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.88%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 05:50

Updated-28 Apr, 2026 | 16:08

WordPress Social Like Box and Page by WpDevArt Plugin <= 0.8.39 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smplug-in Social Like Box and Page by WpDevArt plugin <= 0.8.39 versions.

Vendor-Smplug-in WpDevArt

Product-social_like_box_and_page Social Like Box and Page by WpDevArt

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-43960

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 43.81%

7 Day CHG~0.00%

Published-29 Aug, 2024 | 17:47

Updated-28 Apr, 2026 | 16:10

WordPress Web and WooCommerce Addons for WPBakery Builder plugin <= 1.4.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Page Builder Addons Web and WooCommerce Addons for WPBakery Builder allows Stored XSS.This issue affects Web and WooCommerce Addons for WPBakery Builder: from n/a through 1.4.6.

Vendor-pagebuilderaddons Page Builder Addons

Product-web_and_woocommerce_addons_for_wpbakery_builder Web and WooCommerce Addons for WPBakery Builder

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-30928

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.17% / 37.75%

7 Day CHG~0.00%

Published-06 Jun, 2025 | 12:54

Updated-28 Apr, 2026 | 16:12

WordPress WP Biographia plugin <= 4.0.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vicchi WP Biographia wp-biographia allows Stored XSS.This issue affects WP Biographia: from n/a through <= 4.0.0.

Vendor-vicchi

Product-WP Biographia

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23707

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.18% / 38.73%

7 Day CHG~0.00%

Published-23 Mar, 2023 | 16:12

Updated-28 Apr, 2026 | 16:08

WordPress Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files Plugin <= 2.7.1 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Unrestricted Upload of File with Dangerous Type vulnerability in Awsm Innovations Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files allows Stored XSS via upload of SVG and HTML files. This issue affects Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin <= 2.7.1 versions.

Vendor-AWSM Digital Innovations

Product-embed_any_document Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files

CWE ID-CWE-434

Unrestricted Upload of File with Dangerous Type

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24001

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.88%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 07:50

Updated-28 Apr, 2026 | 16:08

WordPress Modal Dialog Plugin <= 3.5.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yannick Lefebvre Modal Dialog plugin <= 3.5.9 versions.

Vendor-ylefebvre Yannick Lefebvre

Product-modal_dialog Modal Dialog

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23732

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.88%

7 Day CHG~0.00%

Published-09 May, 2023 | 10:29

Updated-28 Apr, 2026 | 16:08

WordPress Disqus Conditional Load Plugin <= 11.0.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel James Disqus Conditional Load plugin <= 11.0.6 versions.

Vendor-disqus_conditional_load_project Joel James

Product-disqus_conditional_load Disqus Conditional Load

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23683

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.88%

7 Day CHG~0.00%

Published-15 May, 2023 | 11:36

Updated-28 Apr, 2026 | 16:08

WordPress White Label Branding for Elementor Page Builder Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ozan Canakli White Label Branding for Elementor Page Builder plugin <= 1.0.2 versions.

Vendor-white_label_branding_for_elementor_page_builder_project Ozan Canakli

Product-white_label_branding_for_elementor_page_builder White Label Branding for Elementor Page Builder

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23727

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.88%

7 Day CHG~0.00%

Published-16 May, 2023 | 08:43

Updated-28 Apr, 2026 | 16:08

WordPress Live Chat by Formilla – Real-time Chat & Chatbots Plugin Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Formilla Live Chat by Formilla plugin <= 1.3 versions.

Vendor-formilla Formilla

Product-live_chat Live Chat by Formilla

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23812

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.88%

7 Day CHG~0.00%

Published-10 May, 2023 | 07:38

Updated-28 Apr, 2026 | 16:08

WordPress Enhanced WP Contact Form Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joost de Valk Enhanced WP Contact Form plugin <= 2.2.3 versions.

Vendor-enhanced_wp_contact_form_project Joost de Valk

Product-enhanced_wp_contact_form Enhanced WP Contact Form

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23816

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.88%

7 Day CHG~0.00%

Published-23 Apr, 2023 | 10:31

Updated-28 Apr, 2026 | 16:08

WordPress Sitemap Index Plugin <= 1.2.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Twardes Sitemap Index plugin <= 1.2.3 versions.

Vendor-sitemap_index_project Twardes

Product-sitemap_index Sitemap Index

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-43986

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 43.81%

7 Day CHG~0.00%

Published-29 Aug, 2024 | 09:00

Updated-28 Apr, 2026 | 16:10

WordPress E-cab taxi booking manager plugin <=1.0.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Taxi Booking Manager for WooCommerce allows Stored XSS.This issue affects Taxi Booking Manager for WooCommerce: through 1.0.9.

Vendor-MagePeople

Product-ecab_taxi_booking_manager Taxi Booking Manager for WooCommerce

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23995

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.88%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 19:20

Updated-28 Apr, 2026 | 16:08

WordPress TinyMCE Custom Styles Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim Reeves & David Stöckl TinyMCE Custom Styles plugin <= 1.1.2 versions.

Vendor-tinymce_custom_styles_project Tim Reeves & David Stöckl

Product-tinymce_custom_styles TinyMCE Custom Styles

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23863

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.88%

7 Day CHG~0.00%

Published-09 May, 2023 | 07:38

Updated-28 Apr, 2026 | 16:08

WordPress TreePress – Easy Family Trees & Ancestor Profiles Plugin <= 2.0.22 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Black and White Digital Ltd TreePress – Easy Family Trees & Ancestor Profiles plugin <= 2.0.22 versions.

Vendor-blackandwhitedigital Black and White Digital Ltd

Product-treepress TreePress – Easy Family Trees & Ancestor Profiles

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23807

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 20.81%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 11:42

Updated-28 Apr, 2026 | 16:08

WordPress MojoPlug Slide Panel Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Qumos MojoPlug Slide Panel plugin <= 1.1.2 versions.

Vendor-qumos Qumos

Product-mojoplug_slide_panel MojoPlug Slide Panel

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-4433

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.14% / 34.28%

7 Day CHG+0.02%

Published-02 May, 2024 | 15:37

Updated-28 Apr, 2026 | 16:10

WordPress Simple Image Popup plugin <= 2.4.0 - Cross-Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mr Digital Simple Image Popup allows Stored XSS.This issue affects Simple Image Popup: from n/a through 2.4.0.

Vendor-Mr Digital

Product-Simple Image Popup

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23881

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.88%

7 Day CHG~0.00%

Published-03 May, 2023 | 15:03

Updated-28 Apr, 2026 | 16:08

WordPress Circles Gallery Plugin <= 1.0.10 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GreenTreeLabs Circles Gallery plugin <= 1.0.10 versions.

Vendor-greentreelabs GreenTreeLabs

Product-circles_gallery Circles Gallery

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24005

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.88%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 19:45

Updated-28 Apr, 2026 | 16:08

WordPress Inline Tweet Sharer – Twitter Sharing Plugin Plugin <= 2.5.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media Inline Tweet Sharer – Twitter Sharing Plugin plugin <= 2.5.3 versions.

Vendor-winwar Winwar Media

Product-inline_tweet_sharer Inline Tweet Sharer – Twitter Sharing Plugin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23723

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.88%

7 Day CHG~0.00%

Published-02 May, 2023 | 11:02

Updated-28 Apr, 2026 | 16:08

WordPress WordPress Email Marketing Plugin – WP Email Capture Plugin <= 3.9.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media WP Email Capture plugin <= 3.9.3 versions.

Vendor-winwar Winwar Media

Product-wp_email_capture WP Email Capture

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23980

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.88%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 07:39

Updated-28 Apr, 2026 | 16:08

WordPress MailOptin Plugin <= 1.2.54.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MailOptin Popup Builder Team MailOptin plugin <= 1.2.54.0 versions.

Vendor-mailoptin MailOptin Popup Builder Team

Product-mailoptin MailOptin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23971

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.88%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 05:04

Updated-28 Apr, 2026 | 16:08

WordPress WP Time Slots Booking Form Plugin <= 1.1.81 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodePeople WP Time Slots Booking Form plugin <= 1.1.81 versions.

Vendor-CodePeople

Product-wp_time_slots_booking_form WP Time Slots Booking Form

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23987

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.88%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 05:22

Updated-28 Apr, 2026 | 19:19

WordPress User Registration Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEverest User Registration plugin <= 2.3.0 versions.

Vendor-wpeverest WPEverest

Product-user_registration User Registration

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23710

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.88%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 19:41

Updated-28 Apr, 2026 | 16:08

WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 versions.

Vendor-miniorange miniOrange

Product-wordpress_social_login_and_register_\(discord\,_google\,_twitter\,_linkedin\)WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23806

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.88%

7 Day CHG~0.00%

Published-23 Apr, 2023 | 10:37

Updated-28 Apr, 2026 | 16:08

WordPress WordPress Custom Settings Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davinder Singh Custom Settings plugin <= 1.0 versions.

Vendor-wordpress_custom_settings_project Davinder Singh

Product-wordpress_custom_settings Custom Settings

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23808

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.88%

7 Day CHG~0.00%

Published-03 May, 2023 | 14:31

Updated-28 Apr, 2026 | 16:08

WordPress Sponsors Carousel Plugin <= 4.02 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sergey Panasenko Sponsors Carousel plugin <= 4.02 versions.

Vendor-sponsors_carousel_project Sergey Panasenko

Product-sponsors_carousel Sponsors Carousel

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23818

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.44%

7 Day CHG~0.00%

Published-12 Jun, 2023 | 12:39

Updated-28 Apr, 2026 | 16:08

WordPress WP Register Profile With Shortcode Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Aviplugins.Com WP Register Profile With Shortcode plugin <= 3.5.7 versions.

Vendor-aviplugins Aviplugins.com

Product-wp_register_profile_with_shortcode WP Register Profile With Shortcode

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23682

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.88%

7 Day CHG-0.09%

Published-15 May, 2023 | 12:14

Updated-28 Apr, 2026 | 16:08

WordPress EZP Maintenance Mode Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap Creek Software EZP Maintenance Mode plugin <= 1.0.1 versions.

Vendor-Snap Creek, LLC (Duplicator)

Product-ezp_maintenance_mode EZP Maintenance Mode

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23673

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.88%

7 Day CHG~0.00%

Published-16 May, 2023 | 08:28

Updated-28 Apr, 2026 | 16:08

WordPress I Recommend This Plugin <= 3.8.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Harish Chouhan, Themeist I Recommend This plugin <= 3.8.3 versions.

Vendor-themeist Harish Chouhan, Themeist

Product-i_recommend_this I Recommend This

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23799

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.88%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 13:39

Updated-28 Apr, 2026 | 16:08

WordPress Easy Panorama Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Leonardo Giacone Easy Panorama plugin <= 1.1.4 versions.

Vendor-easy_panorama_project Leonardo Giacone

Product-easy_panorama Easy Panorama

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24002

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.88%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 08:04

Updated-28 Apr, 2026 | 16:08

WordPress YouTube Embed, Playlist and Popup by WpDevArt Plugin <= 2.6.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart YouTube Embed, Playlist and Popup by WpDevArt plugin <= 2.6.3 versions.

Vendor-WpDevArt

Product-youtube_embed\,_playlist_and_popup YouTube Embed, Playlist and Popup by WpDevArt

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24006

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.88%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 07:55

Updated-28 Apr, 2026 | 16:08

WordPress WP Terms Popup – Terms and Conditions and Privacy Policy WordPress Popups Plugin <= 2.6.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Link Software LLC WP Terms Popup plugin <= 2.6.0 versions.

Vendor-linksoftwarellc Link Software LLC

Product-wp_terms_popup WP Terms Popup

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24004

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.88%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 08:00

Updated-28 Apr, 2026 | 16:08

WordPress Image and Video Lightbox, Image PopUp Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart Image and Video Lightbox, Image PopUp plugin <= 2.1.5 versions.

Vendor-WpDevArt

Product-download_image_and_video_lightbox\,_image_popup Image and Video Lightbox, Image PopUp

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-44040

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.15% / 34.62%

7 Day CHG~0.00%

Published-06 Oct, 2024 | 12:11

Updated-28 Apr, 2026 | 16:10

WordPress ShiftController Employee Shift Scheduling plugin <= 4.9.64 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in plainware ShiftController Employee Shift Scheduling shiftcontroller allows Stored XSS.This issue affects ShiftController Employee Shift Scheduling: from n/a through <= 4.9.64.

Vendor-plainware

Product-ShiftController Employee Shift Scheduling

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-31605

Credits

WordPress Welcome Popup plugin <= 1.0.10 - Cross Site Scripting (XSS) vulnerability

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs