ByteOS Network

Vulnerability Details :

CVE-2025-32131

Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3

Published At-04 Apr, 2025 | 15:58

Updated At-28 Apr, 2026 | 16:12

WordPress Social Intents plugin <= 1.6.19 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in socialintents Social Intents live-chat-support-by-social-intents allows Stored XSS.This issue affects Social Intents: from n/a through <= 1.6.19.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Patchstack

Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3

Published At:04 Apr, 2025 | 15:58

Updated At:28 Apr, 2026 | 16:12

▼CVE Numbering Authority (CNA)

WordPress Social Intents plugin <= 1.6.19 - Cross Site Scripting (XSS) Vulnerability

Affected Products

Vendor

socialintents

Product

Social Intents

Collection URL

https://wordpress.org/plugins

Package Name

live-chat-support-by-social-intents

Default Status

unaffected

Versions

Affected

From 0 through 1.6.19 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Type: CWE

CWE ID: CWE-79

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Metrics

Version	Base score	Base severity	Vector
3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Impacts

CAPEC ID	Description
CAPEC-592	Stored XSS

CAPEC ID: CAPEC-592

Description: Stored XSS

Credits

finder

Nabil Irawan | Patchstack Bug Bounty Program

References

Hyperlink	Resource
https://patchstack.com/database/Wordpress/Plugin/live-chat-support-by-social-intents/vulnerability/wordpress-social-intents-plugin-1-6-14-cross-site-scripting-xss-vulnerability?_s_id=cve	vdb-entry

Hyperlink: https://patchstack.com/database/Wordpress/Plugin/live-chat-support-by-social-intents/vulnerability/wordpress-social-intents-plugin-1-6-14-cross-site-scripting-xss-vulnerability?_s_id=cve

Resource:

vdb-entry

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:audit@patchstack.com

Published At:04 Apr, 2025 | 16:15

Updated At:23 Apr, 2026 | 15:28

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Weaknesses

CWE ID	Type	Source
CWE-79	Secondary	audit@patchstack.com

CWE ID: CWE-79

Type: Secondary

Source: audit@patchstack.com

References

Hyperlink	Source	Resource
https://patchstack.com/database/Wordpress/Plugin/live-chat-support-by-social-intents/vulnerability/wordpress-social-intents-plugin-1-6-14-cross-site-scripting-xss-vulnerability?_s_id=cve	audit@patchstack.com	N/A

Source: audit@patchstack.com

Resource: N/A

Similar CVEs

1261Records found

CVE-2023-25059

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.76% / 73.44%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 08:40

Updated-28 Apr, 2026 | 16:08

WordPress avalex Plugin <= 3.0.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in avalex GmbH avalex – Automatically secure legal texts plugin <= 3.0.3 versions.

Vendor-avalex avalex GmbH

Product-avalex avalex – Automatically secure legal texts

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25052

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-08 May, 2023 | 12:39

Updated-28 Apr, 2026 | 16:08

WordPress Yandex.News Feed by Teplitsa Plugin <= 1.12.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa Yandex.News Feed by Teplitsa plugin <= 1.12.5 versions.

Vendor-te-st Teplitsa

Product-yandex.news_feed_by_teplitsa Yandex.News Feed by Teplitsa

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25484

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 16:50

Updated-28 Apr, 2026 | 16:08

WordPress Simple Yearly Archive Plugin <= 2.1.8 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliver Schlöbe Simple Yearly Archive plugin <= 2.1.8 versions.

Vendor-simple_yearly_archive_project Oliver Schlöbe

Product-simple_yearly_archive Simple Yearly Archive

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25460

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.45%

7 Day CHG~0.00%

Published-12 May, 2023 | 15:19

Updated-28 Apr, 2026 | 16:08

WordPress Easy Ad Manager Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodeSolz Easy Ad Manager plugin <= 1.0.0 versions.

Vendor-codesolz CodeSolz

Product-easy_ad_manager Easy Ad Manager

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2026-25343

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.04% / 12.70%

7 Day CHG~0.00%

Published-19 Feb, 2026 | 08:26

Updated-28 Apr, 2026 | 16:14

WordPress WP SMS plugin <= 7.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS wp-sms allows DOM-Based XSS.This issue affects WP SMS: from n/a through <= 7.1.

Vendor-VeronaLabs

Product-WP SMS

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24389

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.09% / 24.68%

7 Day CHG~0.00%

Published-10 Aug, 2023 | 09:01

Updated-28 Apr, 2026 | 16:08

WordPress Social Proof (Testimonial) Slider Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in brandiD Social Proof (Testimonial) Slider plugin <= 2.2.3 versions.

Vendor-brandid brandiD

Product-social_proof_\(testimonial\)_slider Social Proof (Testimonial) Slider

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24386

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 53.45%

7 Day CHG~0.00%

Published-23 Apr, 2023 | 09:38

Updated-28 Apr, 2026 | 16:08

WordPress AI Contact Us Form Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Karishma Arora AI Contact Us Form plugin <= 1.0 versions.

Vendor-ai_contact_us_form_project Karishma Arora

Product-ai_contact_us_form AI Contact Us Form

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24391

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.29%

7 Day CHG~0.00%

Published-10 Aug, 2023 | 12:28

Updated-28 Apr, 2026 | 16:08

WordPress ApplyOnline – Application Form Builder and Manager Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Spider Teams ApplyOnline plugin <= 2.5 versions.

Vendor-spiderteams Spider Teams

Product-applyonline_-_application_form_builder_and_manager ApplyOnline

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24397

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.65%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 15:41

Updated-28 Apr, 2026 | 16:08

WordPress Reservation.Studio widget Plugin <= 1.0.11 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Reservation.Studio Reservation.Studio widget plugin <= 1.0.11 versions.

Vendor-reservation Reservation.Studio

Product-reservation.studio Reservation.Studio widget

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24398

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 53.45%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 09:20

Updated-28 Apr, 2026 | 16:08

WordPress EZP Coming Soon Page Plugin <= 1.0.7.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap Creek Software EZP Coming Soon Page plugin <= 1.0.7.3 versions.

Vendor-Snap Creek, LLC (Duplicator)

Product-ezp_coming_soon_page EZP Coming Soon Page

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-2490

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 53.31%

7 Day CHG+0.22%

Published-11 May, 2023 | 09:46

Updated-28 Apr, 2026 | 16:08

WordPress UserAgent-Spy Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fernando Briano UserAgent-Spy plugin <= 1.3.1 versions.

Vendor-useragent-spy_project Fernando Briano

Product-useragent-spy UserAgent-Spy

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25461

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 19:13

Updated-28 Apr, 2026 | 16:08

WordPress Wp-Insert Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in namithjawahar Wp-Insert plugin <= 2.5.0 versions.

Vendor-smartlogix namithjawahar

Product-wp-insert Wp-Insert

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25479

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 12:00

Updated-28 Apr, 2026 | 16:08

WordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions.

Vendor-podlove Podlove

Product-podlove_subscribe_button Podlove Subscribe button

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23982

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 04:49

Updated-28 Apr, 2026 | 16:08

WordPress WPFrom Email Plugin <= 1.8.8 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPGear.Pro WPFrom Email plugin <= 1.8.8 versions.

Vendor-wpfrom_email_project WPGear.Pro

Product-wpfrom_email WPFrom Email

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23734

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-09 May, 2023 | 10:40

Updated-28 Apr, 2026 | 16:08

WordPress Userlike – WordPress Live Chat plugin Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Voswinkel Userlike – WordPress Live Chat plugin <= 2.2 versions.

Vendor-userlike David Voswinkel

Product-userlike Userlike – WordPress Live Chat plugin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23720

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG+0.13%

Published-16 May, 2023 | 09:31

Updated-28 Apr, 2026 | 16:08

WordPress Verified Reviews (Avis Vérifiés) Plugin <= 2.3.13 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NetReviews SAS Verified Reviews (Avis Vérifiés) plugin <= 2.3.13 versions.

Vendor-skeepers NetReviews SAS

Product-verified_reviews_\(avis_verifies\)Verified Reviews (Avis Vérifiés)

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23807

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 20.79%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 11:42

Updated-28 Apr, 2026 | 16:08

WordPress MojoPlug Slide Panel Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Qumos MojoPlug Slide Panel plugin <= 1.1.2 versions.

Vendor-qumos Qumos

Product-mojoplug_slide_panel MojoPlug Slide Panel

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23987

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 05:22

Updated-28 Apr, 2026 | 19:19

WordPress User Registration Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEverest User Registration plugin <= 2.3.0 versions.

Vendor-wpeverest WPEverest

Product-user_registration User Registration

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23675

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-30 Mar, 2023 | 10:48

Updated-28 Apr, 2026 | 16:08

WordPress WP Smart Preloader Plugin <= 1.15 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catchsquare WP Smart Preloader plugin <= 1.15 versions.

Vendor-catchsquare Catchsquare

Product-wp_smart_preloader WP Smart Preloader

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23875

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-03 May, 2023 | 15:10

Updated-28 Apr, 2026 | 16:08

WordPress Bing Site Verification plugin using Meta Tag Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Himanshu Bing Site Verification plugin using Meta Tag plugin <= 1.0 versions.

Vendor-bing_site_verification_plugin_using_meta_tag_project Himanshu

Product-bing_site_verification_plugin_using_meta_tag Bing Site Verification plugin using Meta Tag

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23881

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-03 May, 2023 | 15:03

Updated-28 Apr, 2026 | 16:08

WordPress Circles Gallery Plugin <= 1.0.10 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GreenTreeLabs Circles Gallery plugin <= 1.0.10 versions.

Vendor-greentreelabs GreenTreeLabs

Product-circles_gallery Circles Gallery

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23883

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG-0.09%

Published-09 May, 2023 | 10:01

Updated-28 Apr, 2026 | 16:08

WordPress WP Content Filter – Censor All Offensive Content From Your Site Plugin <= 3.0.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Gwyer WP Content Filter plugin <= 3.0.1 versions.

Vendor-wp_content_filter_-_censor_all_offensive_content_from_your_site_project David Gwyer

Product-wp_content_filter_-_censor_all_offensive_content_from_your_site WP Content Filter

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23981

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 04:43

Updated-28 Apr, 2026 | 16:08

WordPress Conversational Forms for ChatBot Plugin <= 1.1.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QuantumCloud Conversational Forms for ChatBot plugin <= 1.1.6 versions.

Vendor-quantumcloud QuantumCloud

Product-conversational_forms_for_chatbot Conversational Forms for ChatBot

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23810

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 53.31%

7 Day CHG+0.22%

Published-12 May, 2023 | 15:06

Updated-28 Apr, 2026 | 16:08

WordPress Panorama – WordPress Project Management Plugin Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SnapOrbital Panorama plugin <= 1.5 versions.

Vendor-snaborbital SnapOrbital

Product-panorama Panorama

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23822

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.45%

7 Day CHG~0.00%

Published-12 Jun, 2023 | 13:33

Updated-28 Apr, 2026 | 16:08

WordPress UTM Tracker Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ludwig Media UTM Tracker plugin <= 1.3.1 versions.

Vendor-utm_tracker_project Ludwig Media

Product-utm_tracker UTM Tracker

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24002

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 08:04

Updated-28 Apr, 2026 | 16:08

WordPress YouTube Embed, Playlist and Popup by WpDevArt Plugin <= 2.6.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart YouTube Embed, Playlist and Popup by WpDevArt plugin <= 2.6.3 versions.

Vendor-WpDevArt

Product-youtube_embed\,_playlist_and_popup YouTube Embed, Playlist and Popup by WpDevArt

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23793

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-09 May, 2023 | 09:53

Updated-28 Apr, 2026 | 16:08

WordPress Read More Without Refresh Plugin <= 3.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eightweb Interactive Read More Without Refresh plugin <= 3.1 versions.

Vendor-8web Eightweb Interactive

Product-read_more_without_refresh Read More Without Refresh

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23994

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 11:51

Updated-28 Apr, 2026 | 16:08

WordPress Auto Hide Admin Bar Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcel Bootsman Auto Hide Admin Bar plugin <= 1.6.1 versions.

Vendor-auto_hide_admin_bar_project Marcel Bootsman

Product-auto_hide_admin_bar Auto Hide Admin Bar

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23789

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG+0.13%

Published-10 May, 2023 | 07:28

Updated-28 Apr, 2026 | 16:08

WordPress Premmerce Redirect Manager Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Premmerce Premmerce Redirect Manager plugin <= 1.0.9 versions.

Vendor-premmerce Premmerce

Product-premmerce_redirect_manager Premmerce Redirect Manager

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23878

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.18% / 38.76%

7 Day CHG~0.00%

Published-04 Apr, 2023 | 11:38

Updated-28 Apr, 2026 | 16:08

WordPress WP Google Map Plugin Plugin <= 4.3.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS plugin <= 4.3.9 versions.

Vendor-weplugins flippercode

Product-wp_maps WordPress Plugin for Google Maps – WP MAPS

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23722

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-23 Mar, 2023 | 14:25

Updated-28 Apr, 2026 | 16:08

WordPress WP eBay Product Feeds Plugin <= 3.3.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media WP eBay Product Feeds plugin <= 3.3.1 versions.

Vendor-winwar Winwar Media

Product-wp_ebay_product_feeds WP eBay Product Feeds

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23727

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG+0.13%

Published-16 May, 2023 | 08:43

Updated-28 Apr, 2026 | 16:08

WordPress Live Chat by Formilla – Real-time Chat & Chatbots Plugin Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Formilla Live Chat by Formilla plugin <= 1.3 versions.

Vendor-formilla Formilla

Product-live_chat Live Chat by Formilla

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23980

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 07:39

Updated-28 Apr, 2026 | 16:08

WordPress MailOptin Plugin <= 1.2.54.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MailOptin Popup Builder Team MailOptin plugin <= 1.2.54.0 versions.

Vendor-mailoptin MailOptin Popup Builder Team

Product-mailoptin MailOptin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23707

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.18% / 38.76%

7 Day CHG~0.00%

Published-23 Mar, 2023 | 16:12

Updated-28 Apr, 2026 | 16:08

WordPress Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files Plugin <= 2.7.1 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Unrestricted Upload of File with Dangerous Type vulnerability in Awsm Innovations Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files allows Stored XSS via upload of SVG and HTML files. This issue affects Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin <= 2.7.1 versions.

Vendor-AWSM Digital Innovations

Product-embed_any_document Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files

CWE ID-CWE-434

Unrestricted Upload of File with Dangerous Type

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23809

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-03 May, 2023 | 14:25

Updated-28 Apr, 2026 | 16:08

WordPress Stock market charts from finviz Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Moris Dov Stock market charts from finviz plugin <= 1.0.1 versions.

Vendor-finviz Moris Dov

Product-stock_market_charts_from_finviz Stock market charts from finviz

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23884

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG-0.09%

Published-09 May, 2023 | 10:07

Updated-28 Apr, 2026 | 16:08

WordPress Kanban Boards for WordPress Plugin <= 2.5.20 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanban for WordPress Kanban Boards for WordPress plugin <= 2.5.20 versions.

Vendor-kanbanwp Kanban for WordPress

Product-kanban_boards_for_wordpress Kanban Boards for WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23972

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 05:50

Updated-28 Apr, 2026 | 16:08

WordPress Social Like Box and Page by WpDevArt Plugin <= 0.8.39 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smplug-in Social Like Box and Page by WpDevArt plugin <= 0.8.39 versions.

Vendor-Smplug-in WpDevArt

Product-social_like_box_and_page Social Like Box and Page by WpDevArt

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23682

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 53.31%

7 Day CHG+0.22%

Published-15 May, 2023 | 12:14

Updated-28 Apr, 2026 | 16:08

WordPress EZP Maintenance Mode Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap Creek Software EZP Maintenance Mode plugin <= 1.0.1 versions.

Vendor-Snap Creek, LLC (Duplicator)

Product-ezp_maintenance_mode EZP Maintenance Mode

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23863

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG-0.09%

Published-09 May, 2023 | 07:38

Updated-28 Apr, 2026 | 16:08

WordPress TreePress – Easy Family Trees & Ancestor Profiles Plugin <= 2.0.22 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Black and White Digital Ltd TreePress – Easy Family Trees & Ancestor Profiles plugin <= 2.0.22 versions.

Vendor-blackandwhitedigital Black and White Digital Ltd

Product-treepress TreePress – Easy Family Trees & Ancestor Profiles

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-67628

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.45%

7 Day CHG~0.00%

Published-24 Dec, 2025 | 13:10

Updated-28 Apr, 2026 | 16:14

WordPress Review Disclaimer plugin <= 2.0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AMP-MODE Review Disclaimer review-disclaimer allows Stored XSS.This issue affects Review Disclaimer: from n/a through <= 2.0.3.

Vendor-AMP-MODE

Product-Review Disclaimer

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23794

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG+0.13%

Published-10 May, 2023 | 08:39

Updated-28 Apr, 2026 | 16:08

WordPress Semalt Blocker Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Moss Semalt Blocker plugin <= 1.1.3 versions.

Vendor-Alex Moss

Product-semalt_blocker Semalt Blocker

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23971

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 05:04

Updated-28 Apr, 2026 | 16:08

WordPress WP Time Slots Booking Form Plugin <= 1.1.81 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodePeople WP Time Slots Booking Form plugin <= 1.1.81 versions.

Vendor-CodePeople

Product-wp_time_slots_booking_form WP Time Slots Booking Form

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24004

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 08:00

Updated-28 Apr, 2026 | 16:08

WordPress Image and Video Lightbox, Image PopUp Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart Image and Video Lightbox, Image PopUp plugin <= 2.1.5 versions.

Vendor-WpDevArt

Product-download_image_and_video_lightbox\,_image_popup Image and Video Lightbox, Image PopUp

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23995

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 19:20

Updated-28 Apr, 2026 | 16:08

WordPress TinyMCE Custom Styles Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim Reeves & David Stöckl TinyMCE Custom Styles plugin <= 1.1.2 versions.

Vendor-tinymce_custom_styles_project Tim Reeves & David Stöckl

Product-tinymce_custom_styles TinyMCE Custom Styles

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23871

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.29%

7 Day CHG~0.00%

Published-10 Aug, 2023 | 10:35

Updated-28 Apr, 2026 | 16:08

WordPress Button Plugin <= 1.1.23 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Webdzier Button plugin <= 1.1.23 versions.

Vendor-webdzier Webdzier

Product-button Button

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23723

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-02 May, 2023 | 11:02

Updated-28 Apr, 2026 | 16:08

WordPress WordPress Email Marketing Plugin – WP Email Capture Plugin <= 3.9.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media WP Email Capture plugin <= 3.9.3 versions.

Vendor-winwar Winwar Media

Product-wp_email_capture WP Email Capture

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23788

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG+0.13%

Published-10 May, 2023 | 07:15

Updated-28 Apr, 2026 | 16:08

WordPress Custom More Link Complete Plugin <= 1.4.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Florin Arjocu Custom More Link Complete plugin <= 1.4.1 versions.

Vendor-custom_more_link_complete_project Florin Arjocu

Product-custom_more_link_complete Custom More Link Complete

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23870

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-04 Apr, 2023 | 12:44

Updated-28 Apr, 2026 | 16:08

WordPress Responsive Vertical Icon Menu Plugin <= 1.5.8 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 versions.

Vendor-WpDevArt

Product-responsive_vertical_icon_menu Responsive Vertical Icon Menu

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23998

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 42.92%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 07:42

Updated-28 Apr, 2026 | 16:08

WordPress VikRentCar Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikRentCar Car Rental Management System plugin <= 1.3.0 versions.

Vendor-e4jconnect E4J s.r.l.

Product-vikrentcar VikRentCar Car Rental Management System

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-69350

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.45%

7 Day CHG~0.00%

Published-06 Jan, 2026 | 16:36

Updated-28 Apr, 2026 | 16:14

WordPress Accordion plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Accordion accordions-wp allows Stored XSS.This issue affects Accordion: from n/a through <= 3.0.3.

Vendor-Themepoints

Product-Accordion

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-32131

Credits

WordPress Social Intents plugin <= 1.6.19 - Cross Site Scripting (XSS) Vulnerability

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs