ByteOS Network

Vulnerability Details :

CVE-2025-32131

Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3

Published At-04 Apr, 2025 | 15:58

Updated At-28 Apr, 2026 | 16:12

WordPress Social Intents plugin <= 1.6.19 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in socialintents Social Intents live-chat-support-by-social-intents allows Stored XSS.This issue affects Social Intents: from n/a through <= 1.6.19.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Patchstack

Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3

Published At:04 Apr, 2025 | 15:58

Updated At:28 Apr, 2026 | 16:12

▼CVE Numbering Authority (CNA)

WordPress Social Intents plugin <= 1.6.19 - Cross Site Scripting (XSS) Vulnerability

Affected Products

Vendor

socialintents

Product

Social Intents

Collection URL

https://wordpress.org/plugins

Package Name

live-chat-support-by-social-intents

Default Status

unaffected

Versions

Affected

From 0 through 1.6.19 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Type: CWE

CWE ID: CWE-79

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Metrics

Version	Base score	Base severity	Vector
3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Impacts

CAPEC ID	Description
CAPEC-592	Stored XSS

CAPEC ID: CAPEC-592

Description: Stored XSS

Credits

finder

Nabil Irawan | Patchstack Bug Bounty Program

References

Hyperlink	Resource
https://patchstack.com/database/Wordpress/Plugin/live-chat-support-by-social-intents/vulnerability/wordpress-social-intents-plugin-1-6-14-cross-site-scripting-xss-vulnerability?_s_id=cve	vdb-entry

Hyperlink: https://patchstack.com/database/Wordpress/Plugin/live-chat-support-by-social-intents/vulnerability/wordpress-social-intents-plugin-1-6-14-cross-site-scripting-xss-vulnerability?_s_id=cve

Resource:

vdb-entry

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:audit@patchstack.com

Published At:04 Apr, 2025 | 16:15

Updated At:23 Apr, 2026 | 15:28

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Weaknesses

CWE ID	Type	Source
CWE-79	Secondary	audit@patchstack.com

CWE ID: CWE-79

Type: Secondary

Source: audit@patchstack.com

References

Hyperlink	Source	Resource
https://patchstack.com/database/Wordpress/Plugin/live-chat-support-by-social-intents/vulnerability/wordpress-social-intents-plugin-1-6-14-cross-site-scripting-xss-vulnerability?_s_id=cve	audit@patchstack.com	N/A

Source: audit@patchstack.com

Resource: N/A

Similar CVEs

1261Records found

CVE-2023-25795

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-20 Mar, 2023 | 10:28

Updated-28 Apr, 2026 | 16:08

WordPress Feed Changer Plugin <= 0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in WP-master.Ir Feed Changer & Remover plugin <= 0.2 versions.

Vendor-wp-master WP-master.ir

Product-feed_changer_\&_remover Feed Changer & Remover

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26008

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-23 Mar, 2023 | 16:48

Updated-28 Apr, 2026 | 16:08

WordPress Top 10 Plugin <= 3.2.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay D'Souza Top 10 – Popular posts plugin for WordPress plugin <= 3.2.4 versions.

Vendor-Ajay D'Souza

Product-top_10_-_popular_posts Top 10 – Popular posts plugin for WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26541

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.45%

7 Day CHG~0.00%

Published-16 Jun, 2023 | 08:56

Updated-28 Apr, 2026 | 16:08

WordPress asMember Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alexander Suess asMember plugin <= 1.5.4 versions.

Vendor-asmember_project Alexander Suess

Product-asmember asMember

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26529

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-03 Apr, 2023 | 12:30

Updated-28 Apr, 2026 | 16:08

WordPress DupeOff Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DupeOff.Com DupeOff plugin <= 1.6 versions.

Vendor-dupeoff_project DupeOff.com

Product-dupeoff DupeOff

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25793

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 53.31%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 18:40

Updated-28 Apr, 2026 | 16:08

WordPress Link Juice Keeper Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in George Pattihis Link Juice Keeper plugin <= 2.0.2 versions.

Vendor-link_juice_keeper_project George Pattihis

Product-link_juice_keeper Link Juice Keeper

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24396

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 53.45%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 13:14

Updated-28 Apr, 2026 | 16:08

WordPress VikBooking Hotel Booking Engine & PMS Plugin <= 1.5.11 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.11 versions.

Vendor-vikwp E4J s.r.l.

Product-vikbooking_hotel_booking_engine_\&_pms VikBooking Hotel Booking Engine & PMS

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25491

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-06 May, 2023 | 22:55

Updated-28 Apr, 2026 | 16:08

WordPress JCH Optimize Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Samuel Marshall JCH Optimize plugin <= 3.2.2 versions.

Vendor-jch_optimize_project Samuel Marshall

Product-jch_optimize JCH Optimize

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24394

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 16.78%

7 Day CHG~0.00%

Published-25 Aug, 2023 | 10:23

Updated-28 Apr, 2026 | 16:08

WordPress iframe popup Plugin <= 3.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy iframe popup plugin <= 3.3 versions.

Vendor-iframe_project Gopi Ramasamy

Product-iframe iframe popup

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25442

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 13:45

Updated-28 Apr, 2026 | 16:08

WordPress Zeno Font Resizer Plugin <= 1.7.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Marcel Pol Zeno Font Resizer plugin <= 1.7.9 versions.

Vendor-zeno_font_resizer_project Marcel Pol

Product-zeno_font_resizer Zeno Font Resizer

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25488

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.65%

7 Day CHG~0.00%

Published-01 Sep, 2023 | 10:54

Updated-28 Apr, 2026 | 16:08

WordPress WP Default Feature Image Plugin <= 1.0.1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Duc Bui Quang WP Default Feature Image plugin <= 1.0.1.1 versions.

Vendor-ducbuiquang Duc Bui Quang

Product-wp_default_feature_image WP Default Feature Image

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25027

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 10:46

Updated-28 Apr, 2026 | 16:08

WordPress Chained Quiz Plugin <= 1.3.2.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Chained Quiz plugin <= 1.3.2.5 versions.

Vendor-kibokolabs Kiboko Labs

Product-chained_quiz Chained Quiz

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24418

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 53.31%

7 Day CHG+0.22%

Published-10 May, 2023 | 07:43

Updated-28 Apr, 2026 | 16:08

WordPress Tiny carousel horizontal slider plus Plugin <= 3.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Tiny carousel horizontal slider plus plugin <= 3.2 versions.

Vendor-gopiplus Gopi Ramasamy

Product-tiny_carousel_horizontal_slider_plus Tiny carousel horizontal slider plus

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25451

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-23 Apr, 2023 | 10:41

Updated-28 Apr, 2026 | 16:08

WordPress CPO Content Types Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill CPO Content Types plugin <= 1.1.0 versions.

Vendor-wpchill WPChill

Product-cpo_content_types CPO Content Types

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25023

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 10:36

Updated-28 Apr, 2026 | 16:08

WordPress WebinarIgnition Plugin <= 2.14.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Saleswonder.Biz Webinar ignition plugin <= 2.14.2 versions.

Vendor-saleswonder Saleswonder.biz

Product-webinarignition Webinar ignition

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25028

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.45%

7 Day CHG~0.00%

Published-24 May, 2023 | 16:42

Updated-28 Apr, 2026 | 16:08

WordPress CC Custom Taxonomy Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in chuyencode CC Custom Taxonomy plugin <= 1.0.1 versions.

Vendor-cc_custom_taxonomy_project chuyencode

Product-cc_custom_taxonomy CC Custom Taxonomy

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25044

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.65%

7 Day CHG~0.00%

Published-01 Sep, 2023 | 10:51

Updated-28 Apr, 2026 | 16:08

WordPress Social Share Boost Plugin <= 4.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sumo Social Share Boost plugin <= 4.4 versions.

Vendor-sumo Sumo

Product-social_share_boost Social Share Boost

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25458

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-04 May, 2023 | 19:24

Updated-28 Apr, 2026 | 16:08

WordPress TypeSquare Webfonts for ConoHa Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GMO Internet Group, Inc. TypeSquare Webfonts for ConoHa plugin <= 2.0.3 versions.

Vendor-gmo GMO Internet Group, Inc.

Product-typesquare_webfonts_for_conoha TypeSquare Webfonts for ConoHa

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25465

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.65%

7 Day CHG~0.00%

Published-04 Sep, 2023 | 09:52

Updated-28 Apr, 2026 | 16:08

WordPress wp tell a friend popup form Plugin <= 7.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy wp tell a friend popup form plugin <= 7.1 versions.

Vendor-gopiplus Gopi Ramasamy

Product-wp-tell-a-friend-popup-form wp tell a friend popup form

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25046

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.23% / 45.26%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 09:26

Updated-28 Apr, 2026 | 16:08

WordPress Podlove Podcast Publisher Plugin <= 3.8.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.2 versions.

Vendor-podlove Podlove

Product-podlove_podcast_publisher Podlove Podcast Publisher

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25063

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.29%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 11:38

Updated-28 Apr, 2026 | 16:08

WordPress Quick Page/Post Redirect Plugin <= 5.2.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anadnet Quick Page/Post Redirect Plugin plugin <= 5.2.3 versions.

Vendor-anadnet Anadnet

Product-quick_page\/post_redirect_plugin Quick Page/Post Redirect Plugin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25485

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 18:33

Updated-28 Apr, 2026 | 16:08

WordPress JSON Content Importer Plugin <= 1.3.15 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bernhard Kux JSON Content Importer plugin <= 1.3.15 versions.

Vendor-json-content-importer Bernhard Kux

Product-json_content_importer JSON Content Importer

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24402

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.20% / 41.94%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 08:48

Updated-28 Apr, 2026 | 16:08

WordPress WP Booking System Plugin <= 2.0.18 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Veribo, Roland Murg WP Booking System – Booking Calendar plugin <= 2.0.18 versions.

Vendor-wpbookingsystem Veribo, Roland Murg

Product-wp_booking_system WP Booking System – Booking Calendar

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25031

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 11:01

Updated-28 Apr, 2026 | 16:08

WordPress Arigato Autoresponder and Newsletter Plugin <= 2.7.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1 versions.

Vendor-kibokolabs Kiboko Labs

Product-arigato_autoresponder_and_newsletter Arigato Autoresponder and Newsletter

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24387

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 53.45%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 10:57

Updated-28 Apr, 2026 | 16:08

WordPress Organization chart Plugin <= 1.4.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart Organization chart plugin <= 1.4.4 versions.

Vendor-WpDevArt

Product-organization_chart Organization chart

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24381

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 53.45%

7 Day CHG~0.00%

Published-20 Mar, 2023 | 10:47

Updated-28 Apr, 2026 | 16:08

WordPress Advanced Social Pixel Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsThemes Advanced Social Pixel plugin <= 2.1.1 versions.

Vendor-nsthemes NsThemes

Product-advanced_social_pixel Advanced Social Pixel

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25456

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-23 Mar, 2023 | 16:56

Updated-28 Apr, 2026 | 16:08

WordPress Klaviyo Plugin <= 3.0.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Klaviyo, Inc. Klaviyo plugin <= 3.0.7 versions.

Vendor-klaviyo Klaviyo, Inc.

Product-klaviyo Klaviyo

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24372

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 53.45%

7 Day CHG~0.00%

Published-09 May, 2023 | 10:44

Updated-28 Apr, 2026 | 16:08

WordPress Simple Custom Author Profiles Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in USB Memory Direct Simple Custom Author Profiles plugin <= 1.0.0 versions.

Vendor-usbmemorydirect USB Memory Direct

Product-simple_custom_author_profiles Simple Custom Author Profiles

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24401

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.65%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 15:48

Updated-28 Apr, 2026 | 16:08

WordPress Mobile Call Now & Map Buttons Plugin <= 1.5.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davidsword Mobile Call Now & Map Buttons plugin <= 1.5.0 versions.

Vendor-davidsword Davidsword

Product-mobile_call_now_\&_map_buttons Mobile Call Now & Map Buttons

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25490

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 11:46

Updated-28 Apr, 2026 | 16:08

WordPress Archivist – Custom Archive Templates Plugin <= 1.7.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.4 versions.

Vendor-archivist_-_custom_archive_templates_project Eric Teubert

Product-archivist_-_custom_archive_templates Archivist – Custom Archive Templates

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25459

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.29%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 11:03

Updated-28 Apr, 2026 | 16:08

WordPress Post Snippets Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Postsnippets Post Snippets plugin <= 4.0.2 versions.

Vendor-postsnippets Postsnippets

Product-post_snippets Post Snippets

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24406

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 53.31%

7 Day CHG+0.22%

Published-10 May, 2023 | 08:01

Updated-28 Apr, 2026 | 16:08

WordPress Simple Popup Images Plugin <= 1.8.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb ur Rehman Simple PopUp plugin <= 1.8.6 versions.

Vendor-simple_popup_project Muneeb ur Rehman

Product-simple_popup Simple PopUp

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24383

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 53.45%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 10:12

Updated-28 Apr, 2026 | 16:08

WordPress Namaste! LMS Plugin <= 2.5.9.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Namaste! LMS plugin <= 2.5.9.1 versions.

Vendor-kibokolabs Kiboko Labs

Product-namaste\!_lms Namaste! LMS

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24376

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 53.45%

7 Day CHG~0.00%

Published-08 May, 2023 | 21:37

Updated-28 Apr, 2026 | 16:08

WordPress WP Simple Events Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nico Graff WP Simple Events plugin <= 1.0 versions.

Vendor-wp_simple_events_project Nico Graff

Product-wp_simple_events WP Simple Events

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25483

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.13% / 31.57%

7 Day CHG~0.00%

Published-27 Sep, 2023 | 07:42

Updated-28 Apr, 2026 | 16:08

WordPress Easy Coming Soon Plugin <= 2.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ankit Agarwal, Priyanshu Mittal Easy Coming Soon plugin <= 2.3 versions.

Vendor-easycomingsoon Ankit Agarwal, Priyanshu Mittal

Product-easy_coming_soon Easy Coming Soon

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24385

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 21.10%

7 Day CHG~0.00%

Published-17 Oct, 2023 | 08:58

Updated-28 Apr, 2026 | 16:08

WordPress Media Library Assistant Plugin <= 3.11 is vulnerable to Cross Site Scripting (XSS)

Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in David Lingren Media Library Assistant plugin <= 3.11 versions.

Vendor-davidlingren David Lingren

Product-media_library_assistant Media Library Assistant

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25477

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.65%

7 Day CHG~0.00%

Published-01 Sep, 2023 | 10:38

Updated-28 Apr, 2026 | 16:08

WordPress Video Gallery Plugin <= 1.3.12 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yotuwp Video Gallery plugin <= 1.3.12 versions.

Vendor-yotuwp Yotuwp

Product-video_gallery Video Gallery

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25021

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-08 May, 2023 | 11:48

Updated-28 Apr, 2026 | 16:08

WordPress FareHarbor for WordPress Plugin <= 3.6.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in FareHarbor FareHarbor for WordPress plugin <= 3.6.6 versions.

Vendor-fareharbor FareHarbor

Product-fareharbor FareHarbor for WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25064

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-20 Mar, 2023 | 10:40

Updated-28 Apr, 2026 | 16:08

WordPress WP htpasswd Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matteo Candura WP htpasswd plugin <= 1.7 versions.

Vendor-wp_htpasswd_project Matteo Candura

Product-wp_htpasswd WP htpasswd

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25049

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 53.31%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 11:12

Updated-28 Apr, 2026 | 16:08

WordPress eCommerce Product Catalog Plugin <= 3.3.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.4 versions.

Vendor-implecode impleCode

Product-ecommerce_product_catalog eCommerce Product Catalog Plugin for WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25452

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-08 May, 2023 | 12:18

Updated-28 Apr, 2026 | 16:08

WordPress CMS Press Plugin <= 0.2.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Pretty (prettyboymp) CMS Press plugin <= 0.2.3 versions.

Vendor-cms_press_project Michael Pretty (prettyboymp)

Product-cms_press CMS Press

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25024

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 10:51

Updated-28 Apr, 2026 | 16:08

WordPress Icegram Collect plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Icegram Icegram Collect plugin <= 1.3.8 versions.

Vendor-icegram Icegram

Product-icegram_collect Icegram Collect

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-29029

Matching Score-4

Assigner-Rockwell Automation

View Details

Matching Score-4

Assigner-Rockwell Automation

CVSS Score-4.7||MEDIUM

EPSS-0.20% / 42.09%

7 Day CHG+0.03%

Published-11 May, 2023 | 17:51

Updated-24 Jan, 2025 | 17:15

Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.

Vendor-Rockwell Automation, Inc.

Product-armorstart_st_281e armorstart_st_284ee_firmware armorstart_st_284ee armorstart_st_281e_firmware ArmorStart ST

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24412

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.65%

7 Day CHG~0.00%

Published-01 Sep, 2023 | 10:44

Updated-28 Apr, 2026 | 16:08

WordPress Image Social Feed Plugin Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Image Social Feed plugin <= 1.7.6 versions.

Vendor-web-settler Web-Settler

Product-image_social_feed Image Social Feed

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24390

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.09% / 25.65%

7 Day CHG~0.00%

Published-18 Jul, 2023 | 14:07

Updated-28 Apr, 2026 | 16:08

WordPress WeSecur Security Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WeSecur Security plugin <= 1.2.1 versions.

Vendor-wesecur WeSecur

Product-wesecur WeSecur Security

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-9230

Matching Score-4

Assigner-WPScan

View Details

Matching Score-4

Assigner-WPScan

CVSS Score-5.9||MEDIUM

EPSS-0.18% / 39.73%

7 Day CHG~0.00%

Published-14 Apr, 2025 | 06:00

Updated-29 Apr, 2025 | 20:33

PowerPress Podcasting < 11.9.18 - Author+ XSS via Podcast URL

The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow author and above users to perform Stored Cross-Site Scripting attacks

Vendor-blubrry Unknown

Product-powerpress PowerPress Podcasting plugin by Blubrry

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25022

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 10:40

Updated-28 Apr, 2026 | 16:08

WordPress Watu Quiz Plugin <= 3.3.8 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Watu Quiz plugin <= 3.3.8 versions.

Vendor-kibokolabs Kiboko Labs

Product-watu_quiz Watu Quiz

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25462

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.65%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 12:18

Updated-28 Apr, 2026 | 16:08

WordPress WP htaccess Control Plugin <= 3.5.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP htaccess Control plugin <= 3.5.1 versions.

Vendor-antonioandrade

Product-wp_htaccess_control WP htaccess Control

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25042

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.65%

7 Day CHG~0.00%

Published-01 Sep, 2023 | 10:48

Updated-28 Apr, 2026 | 16:08

WordPress oAuth Twitter Feed for Developers Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy (Storm Consultancy) oAuth Twitter Feed for Developers plugin <= 2.3.0 versions.

Vendor-stormconsultancy Liam Gladdy (Storm Consultancy)

Product-oauth_twitter_feed_for_developers oAuth Twitter Feed for Developers

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25032

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.13% / 31.57%

7 Day CHG~0.00%

Published-24 Oct, 2023 | 11:37

Updated-28 Apr, 2026 | 16:08

WordPress Print, PDF, Email by PrintFriendly Plugin <= 5.5.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Print, PDF, Email by PrintFriendly plugin <= 5.5.1 versions.

Vendor-printfriendly Print, PDF, & Email by PrintFriendly

Product-print\,_pdf\,_email_by_printfriendly Print, PDF, Email by PrintFriendly

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25062

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-1.48% / 81.21%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 13:59

Updated-28 Apr, 2026 | 16:08

WordPress Pinpoint Booking System Plugin <= 2.9.9.2.8 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.2.8 versions.

Vendor-pinpoint PINPOINT.WORLD

Product-pinpoint_booking_system Pinpoint Booking System

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-32131

Credits

WordPress Social Intents plugin <= 1.6.19 - Cross Site Scripting (XSS) Vulnerability

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs