ByteOS Network

Vulnerability Details :

CVE-2025-3201

Assigner-WPScan

Assigner Org ID-1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81

Published At-16 May, 2025 | 06:00

Updated At-16 May, 2025 | 17:29

Kali Forms < 2.4.3 - Contributor+ Stored XSS

The Contact Form builder with drag & drop for WordPress WordPress plugin before 2.4.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:WPScan

Assigner Org ID:1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81

Published At:16 May, 2025 | 06:00

Updated At:16 May, 2025 | 17:29

▼CVE Numbering Authority (CNA)

Kali Forms < 2.4.3 - Contributor+ Stored XSS

Affected Products

Vendor

Unknown

Product

Contact Form builder with drag & drop for WordPress

Default Status

unaffected

Versions

Affected

From 0 before 2.4.3 (semver)

Problem Types

Type	CWE ID	Description
CWE	CWE-79	CWE-79 Cross-Site Scripting (XSS)

Type: CWE

CWE ID: CWE-79

Description: CWE-79 Cross-Site Scripting (XSS)

Credits

finder

Dmitrii Ignatyev

coordinator

WPScan

References

Hyperlink	Resource
https://wpscan.com/vulnerability/4248289f-36d2-41c5-baf6-bb2c630482ef/	exploit vdb-entry technical-description

Hyperlink: https://wpscan.com/vulnerability/4248289f-36d2-41c5-baf6-bb2c630482ef/

Resource:

exploit

vdb-entry

technical-description

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics

Version	Base score	Base severity	Vector
3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:contact@wpscan.com

Published At:16 May, 2025 | 06:15

Updated At:27 May, 2025 | 19:50

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

CPE Matches

kaliforms>>kali_forms>>Versions before 2.4.3(exclusive)

cpe:2.3:a:kaliforms:kali_forms:*:*:*:*:*:wordpress:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	nvd@nist.gov

CWE ID: CWE-79

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://wpscan.com/vulnerability/4248289f-36d2-41c5-baf6-bb2c630482ef/	contact@wpscan.com	Exploit Third Party Advisory

Hyperlink: https://wpscan.com/vulnerability/4248289f-36d2-41c5-baf6-bb2c630482ef/

Source: contact@wpscan.com

Resource:

Exploit

Third Party Advisory

Similar CVEs

1264Records found

CVE-2023-45747

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.15% / 34.78%

7 Day CHG~0.00%

Published-24 Oct, 2023 | 11:24

Updated-28 Apr, 2026 | 16:08

WordPress WP Lightbox 2 Plugin <= 3.0.6.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Syed Balkhi WP Lightbox 2 plugin <= 3.0.6.5 versions.

Vendor-Awesome Motive Inc.

Product-wp_lightbox_2 WP Lightbox 2

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-66081

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.03% / 7.69%

7 Day CHG~0.00%

Published-21 Nov, 2025 | 12:29

Updated-28 Apr, 2026 | 16:14

WordPress Head Meta Data plugin <= 20250327 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Head Meta Data head-meta-data allows Stored XSS.This issue affects Head Meta Data: from n/a through <= 20250327.

Vendor-Jeff Starr

Product-Head Meta Data

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-46066

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.12% / 30.66%

7 Day CHG~0.00%

Published-16 Oct, 2023 | 11:54

Updated-28 Apr, 2026 | 16:08

WordPress Mediabay Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Codedrafty Mediabay – Media Library Folders plugin <= 1.6 versions.

Vendor-codedraft Codedrafty

Product-mediabay_-_wordpress_media_library_folders Mediabay – Media Library Folders

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-45764

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.15% / 34.78%

7 Day CHG~0.00%

Published-24 Oct, 2023 | 11:58

Updated-28 Apr, 2026 | 16:08

WordPress Scroll post excerpt Plugin <= 8.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Scroll post excerpt plugin <= 8.0 versions.

Vendor-gopiplus Gopi Ramasamy

Product-scroll_post_excerpt Scroll post excerpt

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-45051

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-18 Oct, 2023 | 08:02

Updated-28 Apr, 2026 | 16:08

WordPress Image vertical reel scroll slideshow Plugin <= 9.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Image vertical reel scroll slideshow plugin <= 9.0 versions.

Vendor-gopiplus Gopi Ramasamy

Product-image_vertical_reel_scroll_slideshow Image vertical reel scroll slideshow

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-44230

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-02 Oct, 2023 | 10:17

Updated-28 Apr, 2026 | 16:08

WordPress Popup contact form Plugin <= 7.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Popup contact form plugin <= 7.1 versions.

Vendor-gopiplus Gopi Ramasamy

Product-popup_contact_form Popup contact form

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-44229

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.13% / 31.51%

7 Day CHG~0.00%

Published-16 Oct, 2023 | 10:29

Updated-28 Apr, 2026 | 16:08

WordPress Tiny Carousel Horizontal Slider Plugin <= 8.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Tiny Carousel Horizontal Slider plugin <= 8.1 versions.

Vendor-gopiplus Gopi Ramasamy

Product-tiny_carosel_horizontal_slider Tiny Carousel Horizontal Slider

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-44990

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-17 Oct, 2023 | 09:01

Updated-28 Apr, 2026 | 16:08

WordPress WOLF Plugin <= 1.0.7.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7.1 versions.

Vendor-PluginUs.Net (RealMag777)

Product-wolf_-_wordpress_posts_bulk_editor_and_products_manager_professional WOLF – WordPress Posts Bulk Editor and Manager Professional

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-44265

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-02 Oct, 2023 | 10:14

Updated-28 Apr, 2026 | 16:08

WordPress Popup contact form Plugin <= 7.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Popup contact form plugin <= 7.1 versions.

Vendor-gopiplus Gopi Ramasamy

Product-popup_contact_form Popup contact form

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-44262

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-02 Oct, 2023 | 09:55

Updated-28 Apr, 2026 | 16:08

WordPress Blocks Plugin <= 1.6.41 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Renzo Johnson Blocks plugin <= 1.6.41 versions.

Vendor-renzojohnson Renzo Johnson

Product-blocks Blocks

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-44263

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-02 Oct, 2023 | 09:37

Updated-28 Apr, 2026 | 16:08

WordPress Social Metrics Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Riyaz Social Metrics plugin <= 2.2 versions.

Vendor-riyaz Riyaz

Product-social_metrics Social Metrics

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-67628

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.40%

7 Day CHG~0.00%

Published-24 Dec, 2025 | 13:10

Updated-28 Apr, 2026 | 16:14

WordPress Review Disclaimer plugin <= 2.0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AMP-MODE Review Disclaimer review-disclaimer allows Stored XSS.This issue affects Review Disclaimer: from n/a through <= 2.0.3.

Vendor-AMP-MODE

Product-Review Disclaimer

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-67630

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.40%

7 Day CHG~0.00%

Published-24 Dec, 2025 | 13:10

Updated-28 Apr, 2026 | 16:14

WordPress WH Tweaks plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webheadcoder WH Tweaks wh-tweaks allows Stored XSS.This issue affects WH Tweaks: from n/a through <= 1.0.2.

Vendor-webheadcoder

Product-WH Tweaks

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-44987

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.13% / 31.51%

7 Day CHG~0.00%

Published-16 Oct, 2023 | 11:01

Updated-28 Apr, 2026 | 16:08

WordPress Timely Booking Button Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Timely - Appointment software Timely Booking Button plugin <= 2.0.2 versions.

Vendor-gettimely Timely - Appointment software

Product-timely_booking_button Timely Booking Button

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-45008

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-18 Oct, 2023 | 07:53

Updated-28 Apr, 2026 | 16:08

WordPress Comment Reply Email Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPJohnny Comment Reply Email plugin <= 1.0.3 versions.

Vendor-wpjohnny WPJohnny

Product-comment_reply_email Comment Reply Email

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-44239

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-02 Oct, 2023 | 09:30

Updated-28 Apr, 2026 | 16:08

WordPress WWM Social Share On Image Hover Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jobin Jose WWM Social Share On Image Hover plugin <= 2.2 versions.

Vendor-walkswithme Jobin Jose

Product-social_share_on_image_hover WWM Social Share On Image Hover

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-45057

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-18 Oct, 2023 | 08:18

Updated-28 Apr, 2026 | 16:08

WordPress Hitsteps Web Analytics Plugin <= 5.86 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hitsteps Web Analytics plugin <= 5.86 versions.

Vendor-hitsteps Hitsteps

Product-web_analytics Hitsteps Web Analytics

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-45056

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-18 Oct, 2023 | 08:14

Updated-28 Apr, 2026 | 16:08

WordPress Open User Map | Everybody can add locations Plugin <= 1.3.26 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 100plugins Open User Map plugin <= 1.3.26 versions.

Vendor-100plugins 100plugins

Product-open_user_map Open User Map

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-44986

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.13% / 31.51%

7 Day CHG~0.00%

Published-16 Oct, 2023 | 10:50

Updated-28 Apr, 2026 | 16:08

WordPress Abandoned Cart Lite for WooCommerce Plugin <= 5.15.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Abandoned Cart Lite for WooCommerce plugin <= 5.15.2 versions.

Vendor-tychesoftwares Tyche Softwares

Product-abandoned_cart_lite_for_woocommerce Abandoned Cart Lite for WooCommerce

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-44228

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.10% / 27.50%

7 Day CHG~0.00%

Published-02 Oct, 2023 | 10:33

Updated-28 Apr, 2026 | 16:08

WordPress Onclick Show Popup Plugin <= 8.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Onclick show popup plugin <= 8.1 versions.

Vendor-gopiplus Gopi Ramasamy

Product-onclick_show_popup Onclick show popup

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-44266

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 21.05%

7 Day CHG~0.00%

Published-02 Oct, 2023 | 10:26

Updated-28 Apr, 2026 | 16:08

WordPress WP Adminify Plugin <= 3.1.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jewel Theme WP Adminify plugin <= 3.1.6 versions.

Vendor-wpadminify Jewel Theme

Product-wp_adminify WP Adminify

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-45010

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-17 Oct, 2023 | 10:55

Updated-28 Apr, 2026 | 16:08

WordPress Complete Open Graph Plugin <= 3.4.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex MacArthur Complete Open Graph plugin <= 3.4.5 versions.

Vendor-Alex MacArthur

Product-complete_open_graph Complete Open Graph

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41948

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-25 Sep, 2023 | 00:36

Updated-28 Apr, 2026 | 16:08

WordPress Cookie Notice & Consent Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christoph Rado Cookie Notice & Consent plugin <= 1.6.0 versions.

Vendor-christophrado Christoph Rado

Product-cookie_notice_\&_consent Cookie Notice & Consent

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41729

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-02 Oct, 2023 | 07:39

Updated-28 Apr, 2026 | 16:08

WordPress SendPress Newsletters Plugin <= 1.22.3.31 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions.

Vendor-pressified SendPress

Product-sendpress SendPress Newsletters

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41241

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.15% / 34.78%

7 Day CHG~0.00%

Published-27 Sep, 2023 | 12:32

Updated-28 Apr, 2026 | 16:08

WordPress SureCart Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SureCart WordPress Ecommerce For Creating Fast Online Stores plugin <= 2.5.0 versions.

Vendor-surecart SureCart

Product-surecart WordPress Ecommerce For Creating Fast Online Stores

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41859

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-02 Oct, 2023 | 08:49

Updated-28 Apr, 2026 | 16:08

WordPress Order Delivery Date for WP e-Commerce Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= 1.2 versions.

Vendor-tychesoftwares Ashok Rane

Product-order_delivery_date_for_wp_e-commerce Order Delivery Date for WP e-Commerce

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41128

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.14% / 32.84%

7 Day CHG~0.00%

Published-30 Nov, 2023 | 12:16

Updated-28 Apr, 2026 | 16:08

WordPress WP Roadmap Plugin <= 1.0.8 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Iqonic Design WP Roadmap – Product Feedback Board allows Stored XSS.This issue affects WP Roadmap – Product Feedback Board: from n/a through 1.0.8.

Vendor-iqonic Iqonic Design

Product-wp_roadmap WP Roadmap – Product Feedback Board

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41855

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-02 Oct, 2023 | 08:39

Updated-28 Apr, 2026 | 16:08

WordPress Regpack Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Regpacks Regpack plugin <= 0.1 versions.

Vendor-regpacks Regpacks

Product-regpack Regpack

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41736

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-02 Oct, 2023 | 08:00

Updated-28 Apr, 2026 | 16:08

WordPress Email posts to subscribers Plugin <= 6.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Email posts to subscribers plugin <= 6.2 versions.

Vendor-gopiplus Gopi Ramasamy

Product-email_posts_to_subscribers Email posts to subscribers

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41731

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-02 Oct, 2023 | 07:43

Updated-28 Apr, 2026 | 16:08

WordPress wordpress publish post email notification Plugin <= 1.0.2.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WordPress publish post email notification plugin <= 1.0.2.2 versions.

Vendor-i13websolution I Thirteen Web Solution

Product-wordpress_publish_post_email_notification WordPress publish post email notification

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41737

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-02 Oct, 2023 | 08:04

Updated-28 Apr, 2026 | 16:08

WordPress Swifty Bar, sticky bar by WPGens Plugin <= 1.2.10 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPGens Swifty Bar, sticky bar by WPGens plugin <= 1.2.10 versions.

Vendor-wpgens WPGens

Product-swifty_bar Swifty Bar, sticky bar by WPGens

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41655

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-29 Sep, 2023 | 13:24

Updated-28 Apr, 2026 | 16:08

WordPress authLdap Plugin <= 2.5.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Andreas Heigl authLdap plugin <= 2.5.9 versions.

Vendor-heiglandreas Andreas Heigl

Product-authldap authLdap

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41136

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.14% / 32.84%

7 Day CHG~0.00%

Published-30 Nov, 2023 | 12:13

Updated-28 Apr, 2026 | 16:08

WordPress Simple Long Form Plugin <= 2.2.2 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Laurence/OhMyBox.Info Simple Long Form allows Stored XSS.This issue affects Simple Long Form: from n/a through 2.2.2.

Vendor-ohmybox Laurence/OhMyBox.info

Product-simple_long_form Simple Long Form

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41949

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-25 Sep, 2023 | 00:31

Updated-28 Apr, 2026 | 16:08

WordPress iFolders Plugin <= 1.5.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Avirtum iFolders plugin <= 1.5.0 versions.

Vendor-avirtum Avirtum

Product-ifolders iFolders

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41657

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-29 Sep, 2023 | 13:29

Updated-28 Apr, 2026 | 16:08

WordPress HollerBox Plugin <= 2.3.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Groundhogg Inc. HollerBox plugin <= 2.3.2 versions.

Vendor-Groundhogg (Groundhogg Inc.)

Product-hollerbox HollerBox

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41127

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.14% / 32.84%

7 Day CHG~0.00%

Published-30 Nov, 2023 | 12:19

Updated-28 Apr, 2026 | 16:08

WordPress Evergreen Content Poster Plugin <= 1.3.6.1 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Evergreen Content Poster Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media allows Stored XSS.This issue affects Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media: from n/a through 1.3.6.1.

Vendor-evergreencontentposter Evergreen Content Poster

Product-evergreen_content_poster Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41800

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-02 Oct, 2023 | 08:24

Updated-28 Apr, 2026 | 16:08

WordPress UniConsent Cookie Consent CMP for GDPR / CCPA Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in UniConsent UniConsent CMP for GDPR CPRA GPP TCF plugin <= 1.4.2 versions.

Vendor-uniconsent UniConsent

Product-cmp_for_gdpr_cpra_gpp_tcf UniConsent CMP for GDPR CPRA GPP TCF

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41734

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-02 Oct, 2023 | 07:54

Updated-28 Apr, 2026 | 16:08

WordPress Insert Estimated Reading Time Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nigauri Insert Estimated Reading Time plugin <= 1.2 versions.

Vendor-nigauri nigauri

Product-insert_estimated_reading_time Insert Estimated Reading Time

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41242

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.13% / 32.43%

7 Day CHG~0.00%

Published-27 Sep, 2023 | 12:36

Updated-28 Apr, 2026 | 16:08

WordPress Snap Pixel Plugin <= 1.5.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hassan Ali Snap Pixel plugin <= 1.5.7 versions.

Vendor-creativehassan Hassan Ali

Product-snap_pixel Snap Pixel

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-39987

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-04 Sep, 2023 | 10:09

Updated-28 Apr, 2026 | 16:08

WordPress wSecure Lite Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay Lulia wSecure Lite plugin <= 2.5 versions.

Vendor-JoomlaServiceProvider

Product-wsecure wSecure Lite

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-40328

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.13% / 31.51%

7 Day CHG~0.00%

Published-06 Sep, 2023 | 08:26

Updated-28 Apr, 2026 | 16:08

WordPress Carrot Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Carrrot plugin <= 1.1.0 versions.

Vendor-carrrot Carrrot

Product-carrrot Carrrot

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-40560

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.13% / 31.51%

7 Day CHG~0.00%

Published-06 Sep, 2023 | 08:08

Updated-28 Apr, 2026 | 16:08

WordPress Schedule Posts Calendar Plugin <= 5.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Greg Ross Schedule Posts Calendar plugin <= 5.2 versions.

Vendor-toolstack Greg Ross

Product-schedule_posts_calendar Schedule Posts Calendar

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-40668

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.13% / 32.43%

7 Day CHG~0.00%

Published-27 Sep, 2023 | 06:31

Updated-28 Apr, 2026 | 16:08

WordPress Save as PDF plugin by Pdfcrowd Plugin <= 2.16.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd plugin <= 2.16.0 versions.

Vendor-pdfcrowd Pdfcrowd

Product-save_as_pdf Save as PDF plugin by Pdfcrowd

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-40329

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.13% / 31.51%

7 Day CHG~0.00%

Published-06 Sep, 2023 | 08:24

Updated-28 Apr, 2026 | 16:08

WordPress Custom Admin Login Page | WPZest Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPZest Custom Admin Login Page | WPZest plugin <= 1.2.0 versions.

Vendor-wpzest WPZest

Product-custom_admin_login_page_\|_wpzest_plugin Custom Admin Login Page | WPZest

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-40675

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.13% / 32.43%

7 Day CHG~0.00%

Published-27 Sep, 2023 | 07:22

Updated-28 Apr, 2026 | 16:08

WordPress Landing Page Builder Plugin <= 1.5.1.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PluginOps Landing Page Builder plugin <= 1.5.1.2 versions.

Vendor-pluginops PluginOps

Product-landing_page_builder Landing Page Builder

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-40680

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.25% / 48.69%

7 Day CHG~0.00%

Published-30 Nov, 2023 | 12:21

Updated-28 Apr, 2026 | 16:08

WordPress Yoast SEO Plugin <= 21.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Yoast Yoast SEO allows Stored XSS.This issue affects Yoast SEO: from n/a through 21.0.

Vendor-yoast Team Yoast

Product-yoast_seo Yoast SEO

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-40552

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.13% / 31.51%

7 Day CHG~0.00%

Published-06 Sep, 2023 | 08:11

Updated-28 Apr, 2026 | 16:08

WordPress Fitness calculators plugin Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gurcharan Singh Fitness calculators plugin plugin <= 2.0.7 versions.

Vendor-codeinitiator Gurcharan Singh

Product-fitness_calculators_plugin Fitness calculators plugin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-39924

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.14% / 33.40%

7 Day CHG~0.00%

Published-24 Oct, 2023 | 11:51

Updated-28 Apr, 2026 | 16:08

WordPress Simple File List Plugin <= 6.1.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mitchell Bennis Simple File List plugin <= 6.1.9 versions.

Vendor-simplefilelist Mitchell Bennis

Product-simple_file_list Simple File List

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-64291

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.03% / 7.69%

7 Day CHG~0.00%

Published-29 Oct, 2025 | 08:38

Updated-28 Apr, 2026 | 18:30

WordPress Premmerce User Roles plugin <= 1.0.13 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Stored XSS.This issue affects Premmerce User Roles: from n/a through <= 1.0.13.

Vendor-Premmerce

Product-Premmerce User Roles

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-64289

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.03% / 7.69%

7 Day CHG~0.00%

Published-29 Oct, 2025 | 08:38

Updated-28 Apr, 2026 | 18:29

WordPress Premmerce Product Search for WooCommerce plugin <= 2.2.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Stored XSS.This issue affects Premmerce Product Search for WooCommerce: from n/a through <= 2.2.5.

Vendor-Premmerce

Product-Premmerce Product Search for WooCommerce

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-3201

Credits

Kali Forms < 2.4.3 - Contributor+ Stored XSS

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs