ByteOS Network

Vulnerability Details :

CVE-2025-32646

Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3

Published At-17 Apr, 2025 | 15:47

Updated At-17 Apr, 2025 | 18:34

WordPress Question Answer Plugin <= 1.2.70 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Question Answer allows Reflected XSS. This issue affects Question Answer: from n/a through 1.2.70.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Patchstack

Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3

Published At:17 Apr, 2025 | 15:47

Updated At:17 Apr, 2025 | 18:34

▼CVE Numbering Authority (CNA)

WordPress Question Answer Plugin <= 1.2.70 - Reflected Cross Site Scripting (XSS) vulnerability

Affected Products

Vendor

PickPlugins

Product

Question Answer

Collection URL

https://wordpress.org/plugins

Package Name

question-answer

Default Status

unaffected

Versions

Affected

From n/a through 1.2.70 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-79	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Type: CWE

CWE ID: CWE-79

Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Metrics

Version	Base score	Base severity	Vector
3.1	7.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Version: 3.1

Base score: 7.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Impacts

CAPEC ID	Description
CAPEC-591	CAPEC-591 Reflected XSS

CAPEC ID: CAPEC-591

Description: CAPEC-591 Reflected XSS

Credits

finder

LVT-tholv2k (Patchstack Alliance)

References

Hyperlink	Resource
https://patchstack.com/database/wordpress/plugin/question-answer/vulnerability/wordpress-question-answer-plugin-1-2-70-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve	vdb-entry

Hyperlink: https://patchstack.com/database/wordpress/plugin/question-answer/vulnerability/wordpress-question-answer-plugin-1-2-70-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

Resource:

vdb-entry

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:audit@patchstack.com

Published At:17 Apr, 2025 | 16:15

Updated At:17 Apr, 2025 | 20:21

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 7.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	audit@patchstack.com

CWE ID: CWE-79

Type: Primary

Source: audit@patchstack.com

References

Hyperlink	Source	Resource
https://patchstack.com/database/wordpress/plugin/question-answer/vulnerability/wordpress-question-answer-plugin-1-2-70-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve	audit@patchstack.com	N/A

Hyperlink: https://patchstack.com/database/wordpress/plugin/question-answer/vulnerability/wordpress-question-answer-plugin-1-2-70-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

Source: audit@patchstack.com

Resource: N/A

Similar CVEs

2033Records found

CVE-2023-37997

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.09% / 26.47%

7 Day CHG~0.00%

Published-01 Sep, 2023 | 11:47

Updated-24 Sep, 2024 | 18:57

WordPress Post List With Featured Image Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dharmesh Patel Post List With Featured Image plugin <= 1.2 versions.

Vendor-dharmeshpatel Dharmesh Patel

Product-post_list_with_featured_image Post List With Featured Image

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-37976

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.99%

7 Day CHG~0.00%

Published-27 Jul, 2023 | 14:21

Updated-25 Sep, 2024 | 16:57

WordPress Radio Forge Muses Player with Skins Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Radio Forge Muses Player with Skins plugin <= 2.5 versions.

Vendor-radioforge Radio Forge

Product-radio_forge_muses_player_with_skins Radio Forge Muses Player with Skins

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-37873

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.99%

7 Day CHG~0.00%

Published-05 Aug, 2023 | 22:18

Updated-25 Sep, 2024 | 16:57

WordPress WooCommerce Ship to Multiple Addresses Plugin <= 3.8.5 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.

Vendor-WooCommerce

Product-shipping_multiple_addresses Shipping Multiple Addresses

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-37977

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.99%

7 Day CHG~0.00%

Published-27 Jul, 2023 | 14:16

Updated-19 Feb, 2025 | 16:29

WordPress WPFunnels Plugin <= 2.7.16 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFunnels Team Drag & Drop Sales Funnel Builder for WordPress – WPFunnels plugin <= 2.7.16 versions.

Vendor-getwpfunnels WPFunnels Team

Product-wpfunnels Drag & Drop Sales Funnel Builder for WordPress – WPFunnels

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-37893

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.99%

7 Day CHG~0.00%

Published-01 Sep, 2023 | 11:04

Updated-24 Sep, 2024 | 19:07

WordPress Coming Soon Chop Chop Plugin <= 2.2.4 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Chop-Chop Coming Soon Chop Chop plugin <= 2.2.4 versions.

Vendor-chop-chop Chop-Chop

Product-coming_soon_chop_chop Coming Soon Chop Chop

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-37393

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-04 Sep, 2023 | 10:21

Updated-24 Sep, 2024 | 18:51

WordPress Atarim Plugin <= 3.9.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Atarim Visual Website Collaboration, Feedback & Project Management – Atarim plugin <= 3.9.3 versions.

Vendor-atarim Atarim

Product-atarim Visual Website Collaboration, Feedback & Project Management – Atarim

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-37975

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.99%

7 Day CHG~0.00%

Published-27 Jul, 2023 | 14:25

Updated-25 Sep, 2024 | 16:52

WordPress Variation Swatches for WooCommerce Plugin <= 2.3.7 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTheme Variation Swatches for WooCommerce plugin <= 2.3.7 versions.

Vendor-variation_swatches_for_woocommerce_project RadiusTheme

Product-variation_swatches_for_woocommerce Variation Swatches for WooCommerce

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-37981

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.99%

7 Day CHG~0.00%

Published-27 Jul, 2023 | 13:50

Updated-25 Sep, 2024 | 16:58

WordPress Authors List Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPKube Authors List plugin <= 2.0.2 versions.

Vendor-wpkube WPKube

Product-authors_list Authors List

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-38384

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.99%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 12:30

Updated-25 Sep, 2024 | 16:47

WordPress eaSYNC Plugin <= 1.3.7 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Syntactics, Inc. EaSYNC plugin <= 1.3.7 versions.

Vendor-syntacticsinc Syntactics, Inc.

Product-easync eaSYNC

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-38392

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.99%

7 Day CHG~0.00%

Published-07 Aug, 2023 | 12:45

Updated-25 Sep, 2024 | 16:52

WordPress Custom Field Template Plugin <= 2.5.9 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Hiroaki Miyashita Custom Field Template plugin <= 2.5.9 versions.

Vendor-wpgogo Hiroaki Miyashita

Product-custom_field_template Custom Field Template

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-37894

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.99%

7 Day CHG~0.00%

Published-27 Jul, 2023 | 14:34

Updated-25 Sep, 2024 | 16:57

WordPress Variation Images Gallery for WooCommerce Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTheme Variation Images Gallery for WooCommerce plugin <= 2.3.3 versions.

Vendor-radiustheme RadiusTheme

Product-variation_images_gallery_for_woocommerce Variation Images Gallery for WooCommerce

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-37979

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-45.01% / 97.50%

7 Day CHG~0.00%

Published-27 Jul, 2023 | 14:08

Updated-13 Feb, 2025 | 17:01

WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday Drive Ninja Forms Contact Form plugin <= 3.6.25 versions.

Vendor-Saturday Drive, INC

Product-ninja_forms Ninja Forms Contact Form

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-36384

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.99%

7 Day CHG~0.00%

Published-18 Jul, 2023 | 14:17

Updated-25 Sep, 2024 | 17:01

WordPress Booking Calendar Contact Form Plugin <= 1.2.40 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodePeople Booking Calendar Contact Form plugin <= 1.2.40 versions.

Vendor-WP Booking Calendar CodePeople

Product-booking_calendar Booking Calendar Contact Form

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-47696

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.10% / 27.59%

7 Day CHG~0.00%

Published-13 Nov, 2023 | 22:33

Updated-08 Jan, 2025 | 21:09

WordPress Product Enquiry for WooCommerce Plugin <= 3.0 is vulnerable to Cross Site Scripting (XSS)

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Gravity Master Product Enquiry for WooCommerce plugin <= 3.0 versions.

Vendor-gravitymaster Gravity Master

Product-product_enquiry_for_woocommerce Product Enquiry for WooCommerce

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-44044

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.04% / 13.02%

7 Day CHG~0.00%

Published-16 Feb, 2025 | 22:17

Updated-18 Feb, 2025 | 19:35

WordPress Oshine Modules plugin < 3.3.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Oshine Modules allows Reflected XSS. This issue affects Oshine Modules: from n/a through n/a.

Vendor-NotFound

Product-Oshine Modules

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-36686

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.99%

7 Day CHG~0.00%

Published-05 Aug, 2023 | 22:28

Updated-25 Sep, 2024 | 16:56

WordPress CartFlows Pro Plugin <= 1.11.11 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CartFlows Pro plugin <= 1.11.11 versions.

Vendor-cartflows CartFlows

Product-cartflows CartFlows Pro

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-36689

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.99%

7 Day CHG~0.00%

Published-05 Aug, 2023 | 22:22

Updated-25 Sep, 2024 | 16:56

WordPress WPFactory Helper Plugin <= 1.5.2 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactory WPFactory Helper plugin <= 1.5.2 versions.

Vendor-wpfactory WPFactory

Product-wpfactory_helper WPFactory Helper

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-36385

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.10% / 27.59%

7 Day CHG~0.00%

Published-25 Jul, 2023 | 13:44

Updated-25 Sep, 2024 | 16:59

WordPress PostX – Gutenberg Blocks for Post Grid Plugin <= 2.9.9 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpxpo PostX – Gutenberg Post Grid Blocks plugin <= 2.9.9 versions.

Vendor-wpxpo wpxpo

Product-postx PostX – Gutenberg Post Grid Blocks

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-36502

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.10% / 27.59%

7 Day CHG~0.00%

Published-25 Jul, 2023 | 13:26

Updated-26 Sep, 2024 | 15:09

WordPress Balkon Theme <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cththemes Balkon plugin <= 1.3.2 versions.

Vendor-cththemes cththemes

Product-balkon Balkon

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34375

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.19% / 41.48%

7 Day CHG~0.00%

Published-16 Nov, 2023 | 19:31

Updated-02 Aug, 2024 | 16:10

WordPress Seo By 10Web Plugin <= 1.2.9 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 10Web SEO by 10Web plugin <= 1.2.9 versions.

Vendor-10Web (TenWeb, Inc.)

Product-seo SEO by 10Web

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-35772

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.99%

7 Day CHG~0.00%

Published-19 Jun, 2023 | 13:54

Updated-10 Oct, 2024 | 18:35

WordPress Google Map Shortcode Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alain Gonzalez Google Map Shortcode plugin <= 3.1.2 versions.

Vendor-Alain Gonzalez

Product-google_map_shortcode Google Map Shortcode

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-35918

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.99%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 11:47

Updated-10 Oct, 2024 | 17:23

WordPress WooCommerce Bulk Stock Management Plugin <= 2.2.33 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Bulk Stock Management plugin <= 2.2.33 versions.

Vendor-WooCommerce

Product-bulk_stock_management Bulk Stock Management

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-35775

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.99%

7 Day CHG~0.00%

Published-19 Jun, 2023 | 13:32

Updated-19 Feb, 2025 | 21:29

WordPress WP Backup Manager Plugin <= 1.13.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Backup Solutions WP Backup Manager plugin <= 1.13.1 versions.

Vendor-wp_backup_solutions_project WP Backup Solutions

Product-wp_backup_solutions WP Backup Manager

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-47547

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.19% / 41.48%

7 Day CHG~0.00%

Published-14 Nov, 2023 | 20:45

Updated-07 Jan, 2025 | 19:26

WordPress Products, Order & Customers Export for WooCommerce Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactory Products, Order & Customers Export for WooCommerce plugin <= 2.0.7 versions.

Vendor-wpfactory WPFactory

Product-products\,_order_\&_customers_export_for_woocommerce Products, Order & Customers Export for WooCommerce

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-47690

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.09% / 25.91%

7 Day CHG~0.00%

Published-13 Nov, 2023 | 23:03

Updated-08 Jan, 2025 | 21:07

WordPress Additional Order Filters for WooCommerce Plugin <= 1.10 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Anton Bond Additional Order Filters for WooCommerce plugin <= 1.10 versions.

Vendor-antonbond Anton Bond

Product-additional_order_filters_for_woocommerce Additional Order Filters for WooCommerce

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-47695

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.10% / 27.59%

7 Day CHG~0.00%

Published-13 Nov, 2023 | 22:59

Updated-08 Jan, 2025 | 21:08

WordPress Shortcodes Finder Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Scribit Shortcodes Finder plugin <= 1.5.3 versions.

Vendor-scribit Scribit

Product-shortcodes_finder Shortcodes Finder

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-43970

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 23.68%

7 Day CHG~0.00%

Published-17 Sep, 2024 | 23:33

Updated-25 Sep, 2024 | 14:18

WordPress SureCart plugin <= 2.29.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SureCart allows Reflected XSS.This issue affects SureCart: from n/a through 2.29.3.

Vendor-surecart SureCart

Product-surecart SureCart

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-47508

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.10% / 27.59%

7 Day CHG~0.00%

Published-16 Nov, 2023 | 18:26

Updated-02 Aug, 2024 | 21:09

WordPress Master Slider Pro Plugin <= 3.6.5 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Averta Master Slider Pro plugin <= 3.6.5 versions.

Vendor-Depicter (Averta)

Product-master_slider Master Slider Pro

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-47767

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.09% / 25.91%

7 Day CHG~0.00%

Published-22 Nov, 2023 | 21:59

Updated-02 Aug, 2024 | 21:16

WordPress Interactive World Map Plugin <= 3.2.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fla-shop.Com Interactive World Map plugin <= 3.2.0 versions.

Vendor-fla-shop Fla-shop.com

Product-interactive_world_map Interactive World Map

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-43950

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 23.68%

7 Day CHG~0.00%

Published-29 Aug, 2024 | 17:57

Updated-30 Aug, 2024 | 16:20

WordPress Brickscore plugin <= 1.4.2.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nextbricks Brickscore allows Stored XSS.This issue affects Brickscore: from n/a through 1.4.2.5.

Vendor-nextbricks Nextbricks

Product-bricksore Brickscore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-46070

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.19% / 41.48%

7 Day CHG~0.00%

Published-24 Oct, 2023 | 13:02

Updated-09 Sep, 2024 | 14:42

WordPress EG-Attachments Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Emmanuel GEORJON EG-Attachments plugin <= 2.1.3 versions.

Vendor-egeorjon Emmanuel GEORJON

Product-eg-attachments EG-Attachments

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-35098

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.17% / 38.24%

7 Day CHG~0.00%

Published-20 Jun, 2023 | 09:01

Updated-02 Aug, 2024 | 16:23

WordPress NextGen GalleryView Plugin <= 0.5.5 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in John Brien WordPress NextGen GalleryView plugin <= 0.5.5 versions.

Vendor-wordpress_nextgen_galleryview_project John Brien

Product-wordpress_nextgen_galleryview WordPress NextGen GalleryView

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-45759

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.19% / 41.48%

7 Day CHG~0.00%

Published-24 Oct, 2023 | 11:48

Updated-09 Sep, 2024 | 14:45

WordPress Peter’s Custom Anti-Spam Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Peter Keung Peter’s Custom Anti-Spam plugin <= 3.2.2 versions.

Vendor-peterkeung Peter Keung

Product-peter\'s_custom_anti-spam Peter’s Custom Anti-Spam

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-35884

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.17% / 38.24%

7 Day CHG~0.00%

Published-20 Jun, 2023 | 06:50

Updated-10 Oct, 2024 | 18:35

WordPress EventPrime Plugin <= 3.0.5 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 3.0.5 versions.

Vendor-Metagauss Inc.

Product-eventprime EventPrime

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-45750

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.19% / 41.48%

7 Day CHG~0.00%

Published-24 Oct, 2023 | 11:28

Updated-10 Sep, 2024 | 17:51

WordPress Nexter Extension Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in POSIMYTH Nexter Extension plugin <= 2.0.3 versions.

Vendor-posimyth POSIMYTH

Product-nexter_extension Nexter Extension

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-45771

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.14% / 35.21%

7 Day CHG~0.00%

Published-26 Mar, 2024 | 08:27

Updated-06 Aug, 2024 | 16:01

WordPress Contact Form With Captcha plugin <= 1.6.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contact Form With Captcha allows Reflected XSS.This issue affects Contact Form With Captcha: from n/a through 1.6.8.

Vendor-Contact Form With Captcha

Product-Contact Form With Captcha

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-46081

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.99%

7 Day CHG~0.00%

Published-26 Oct, 2023 | 12:11

Updated-06 Sep, 2024 | 18:43

WordPress Lava Directory Manager Plugin <= 1.1.34 is vulnerable to Cross Site Scripting (XSS)

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Lavacode Lava Directory Manager plugin <= 1.1.34 versions.

Vendor-lava-code Lavacode

Product-lava_directory_manager Lava Directory Manager

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-33319

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.99%

7 Day CHG~0.00%

Published-28 May, 2023 | 18:07

Updated-10 Oct, 2024 | 18:57

WordPress WooCommerce Follow-Up Emails Plugin <= 4.9.40 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions.

Vendor-WooCommerce

Product-automatewoo WooCommerce Follow-Up Emails (AutomateWoo)

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-46086

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.19% / 41.48%

7 Day CHG~0.00%

Published-30 Nov, 2023 | 15:50

Updated-03 Jun, 2025 | 13:49

WordPress affiliate-toolkit – WordPress Affiliate Plugin Plugin <= 3.4.3 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin allows Reflected XSS.This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.4.3.

Vendor-servit SERVIT Software Solutions

Product-affiliate-toolkit affiliate-toolkit – WordPress Affiliate Plugin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34011

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-01 Sep, 2023 | 11:18

Updated-24 Sep, 2024 | 19:06

WordPress ShopConstruct Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ShopConstruct plugin <= 1.1.2 versions.

Vendor-shopconstruct ShopConstruct

Product-shopconstruct ShopConstruct

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-33925

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.09% / 25.91%

7 Day CHG~0.00%

Published-25 Jul, 2023 | 12:42

Updated-25 Sep, 2024 | 16:59

WordPress WooCommerce Product Categories Selection Widget Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PluginForage WooCommerce Product Categories Selection Widget plugin <= 2.0 versions.

Vendor-pluginforage PluginForage

Product-woocommerce_product_categories_selection_widget WooCommerce Product Categories Selection Widget

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34008

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.07% / 21.89%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 14:50

Updated-19 Feb, 2025 | 21:25

WordPress WP ERP Plugin <= 1.12.3 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in weDevs WP ERP plugin <= 1.12.3 versions.

Vendor-weDevs Pte. Ltd.

Product-wp_erp WP ERP

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-33322

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.14% / 34.83%

7 Day CHG~0.00%

Published-26 Mar, 2024 | 08:48

Updated-15 Aug, 2025 | 19:37

WordPress Front End Users plugin < 3.2.25 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Front End Users allows Reflected XSS.This issue affects Front End Users: from n/a before 3.2.25.

Vendor-etoilewebdesign Etoile Web Design

Product-front_end_users Front End Users

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-43975

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 23.68%

7 Day CHG~0.00%

Published-17 Sep, 2024 | 23:29

Updated-25 Sep, 2024 | 14:13

WordPress Super Store Finder plugin <= 6.9.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in highwarden Super Store Finder allows Cross-Site Scripting (XSS).This issue affects Super Store Finder: from n/a through 6.9.7.

Vendor-Super Store Finder

Product-super_store_finder Super Store Finder

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34174

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.07% / 21.89%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 13:54

Updated-24 Sep, 2024 | 19:20

WordPress BBS e-Popup Plugin <= 2.4.5 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in BBS e-Theme BBS e-Popup plugin <= 2.4.5 versions.

Vendor-bbsetheme BBS e-Theme

Product-bbs_e-popup BBS e-Popup

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-46313

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.99%

7 Day CHG~0.00%

Published-31 Oct, 2023 | 09:39

Updated-06 Sep, 2024 | 15:24

WordPress Zotpress Plugin <= 7.3.4 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Seaborn Zotpress plugin <= 7.3.4 versions.

Vendor-katieseaborn Katie Seaborn

Product-zotpress Zotpress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-45632

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.99%

7 Day CHG~0.00%

Published-18 Oct, 2023 | 13:35

Updated-12 Sep, 2024 | 18:09

WordPress Video Player Plugin <= 1.5.22 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorado SpiderVPlayer plugin <= 1.5.22 versions.

Vendor-web-dorado WebDorado

Product-spidervplayer SpiderVPlayer

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-33997

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.09% / 25.91%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 12:55

Updated-10 Oct, 2024 | 17:20

WordPress bbp style pack Plugin <= 5.5.5 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Robin Wilson bbp style pack plugin <= 5.5.5 versions.

Vendor-bbp_style_pack_project Robin Wilson

Product-bbp_style_pack bbp style pack

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34017

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.10% / 27.59%

7 Day CHG~0.00%

Published-25 Jul, 2023 | 13:33

Updated-26 Sep, 2024 | 15:04

WordPress Five Star Restaurant Reservations Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FiveStarPlugins Five Star Restaurant Reservations plugin <= 2.6.7 versions.

Vendor-fivestarplugins FiveStarPlugins

Product-five_star_restaurant_menu Five Star Restaurant Reservations

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-46075

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 24.99%

7 Day CHG~0.00%

Published-26 Oct, 2023 | 12:02

Updated-09 Sep, 2024 | 14:39

WordPress Contact Form Builder, Contact Widget Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart Contact Form Builder, Contact Widget plugin <= 2.1.6 versions.

Vendor-WpDevArt

Product-contact_form_builder Contact Form Builder, Contact Widget

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-32646

Credits

WordPress Question Answer Plugin <= 1.2.70 - Reflected Cross Site Scripting (XSS) vulnerability

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs