ByteOS Network

Vulnerability Details :

CVE-2025-39562

Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3

Published At-17 Apr, 2025 | 15:46

Updated At-17 Apr, 2025 | 18:41

WordPress Payment Form for PayPal Pro <= 1.1.72 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Payment Form for PayPal Pro allows Stored XSS. This issue affects Payment Form for PayPal Pro: from n/a through 1.1.72.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Patchstack

Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3

Published At:17 Apr, 2025 | 15:46

Updated At:17 Apr, 2025 | 18:41

▼CVE Numbering Authority (CNA)

WordPress Payment Form for PayPal Pro <= 1.1.72 - Cross Site Scripting (XSS) Vulnerability

Affected Products

Vendor

CodePeople

Product

Payment Form for PayPal Pro

Collection URL

https://wordpress.org/plugins

Package Name

payment-form-for-paypal-pro

Default Status

unaffected

Versions

Affected

From n/a through 1.1.72 (custom)
- -> unaffectedfrom1.1.73

Problem Types

Type	CWE ID	Description
CWE	CWE-79	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Type: CWE

CWE ID: CWE-79

Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Metrics

Version	Base score	Base severity	Vector
3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Impacts

CAPEC ID	Description
CAPEC-592	CAPEC-592 Stored XSS

CAPEC ID: CAPEC-592

Description: CAPEC-592 Stored XSS

Solutions

Update the WordPress Payment Form for PayPal Pro plugin to the latest available version (at least 1.1.73).

Credits

finder

Doan Dinh Van / Fore-Z co.ltd (Patchstack Alliance)

References

Hyperlink	Resource
https://patchstack.com/database/wordpress/plugin/payment-form-for-paypal-pro/vulnerability/wordpress-payment-form-for-paypal-pro-1-1-72-cross-site-scripting-xss-vulnerability?_s_id=cve	vdb-entry

Hyperlink: https://patchstack.com/database/wordpress/plugin/payment-form-for-paypal-pro/vulnerability/wordpress-payment-form-for-paypal-pro-1-1-72-cross-site-scripting-xss-vulnerability?_s_id=cve

Resource:

vdb-entry

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:audit@patchstack.com

Published At:17 Apr, 2025 | 16:15

Updated At:17 Apr, 2025 | 20:21

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	audit@patchstack.com

CWE ID: CWE-79

Type: Primary

Source: audit@patchstack.com

References

Hyperlink	Source	Resource
https://patchstack.com/database/wordpress/plugin/payment-form-for-paypal-pro/vulnerability/wordpress-payment-form-for-paypal-pro-1-1-72-cross-site-scripting-xss-vulnerability?_s_id=cve	audit@patchstack.com	N/A

Hyperlink: https://patchstack.com/database/wordpress/plugin/payment-form-for-paypal-pro/vulnerability/wordpress-payment-form-for-paypal-pro-1-1-72-cross-site-scripting-xss-vulnerability?_s_id=cve

Source: audit@patchstack.com

Resource: N/A

Similar CVEs

1106Records found

CVE-2024-33697

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.10% / 27.29%

7 Day CHG~0.00%

Published-26 Apr, 2024 | 12:40

Updated-02 Aug, 2024 | 02:36

WordPress CF7 File Download plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rimes Gold CF7 File Download – File Download for CF7 allows Stored XSS.This issue affects CF7 File Download – File Download for CF7: from n/a through 2.0.

Vendor-Rimes Gold rimes_gold

Product-CF7 File Download – File Download for CF7 cf7_file_download

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26534

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 11:51

Updated-19 Feb, 2025 | 21:28

WordPress WP Repost Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in OneWebsite WP Repost plugin <= 0.1 versions.

Vendor-onewebsite OneWebsite

Product-wp_repost WP Repost

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25992

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 14.61%

7 Day CHG~0.00%

Published-23 Mar, 2023 | 16:18

Updated-10 Jan, 2025 | 19:16

WordPress CM Answers Plugin <= 3.1.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeMindsSolutions CM Answers plugin <= 3.1.9 versions.

Vendor-cminds CreativeMindsSolutions

Product-cm_answers CM Answers

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25789

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-03 May, 2023 | 10:43

Updated-02 Aug, 2024 | 13:44

WordPress Tapfiliate Plugin <= 3.0.12 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tapfiliate plugin <= 3.0.12 versions.

Vendor-tapfiliate Tapfiliate

Product-tapfiliate Tapfiliate

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25796

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-03 May, 2023 | 11:08

Updated-19 Feb, 2025 | 21:32

WordPress WP BaiDu Submit Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Include WP BaiDu Submit plugin <= 1.2.1 versions.

Vendor-wp_baidu_submit_project Include

Product-wp_baidu_submit WP BaiDu Submit

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26529

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-03 Apr, 2023 | 12:30

Updated-10 Jan, 2025 | 19:12

WordPress DupeOff Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DupeOff.Com DupeOff plugin <= 1.6 versions.

Vendor-dupeoff_project DupeOff.com

Product-dupeoff DupeOff

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25787

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-03 May, 2023 | 10:29

Updated-09 Jan, 2025 | 15:32

WordPress WP资源下载管理 Plugin <= 1.3.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wbolt team WP资源下载管理 plugin <= 1.3.9 versions.

Vendor-wp_resource_download_management_project Wbolt team

Product-wp_resource_download_management WP资源下载管理

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25490

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 11:46

Updated-09 Jan, 2025 | 15:34

WordPress Archivist – Custom Archive Templates Plugin <= 1.7.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.4 versions.

Vendor-archivist_-_custom_archive_templates_project Eric Teubert

Product-archivist_-_custom_archive_templates Archivist – Custom Archive Templates

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25962

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-04 May, 2023 | 12:47

Updated-09 Jan, 2025 | 15:28

WordPress Accordions Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari Accordion – Multiple Accordion or FAQs Builder plugin <= 2.3.0 versions.

Vendor-Biplob Adhikari (Oxilab Development)

Product-accordions Accordion – Multiple Accordion or FAQs Builder

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25716

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 11:58

Updated-02 Aug, 2024 | 13:44

WordPress Announce from the Dashboard Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS)

Auth (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gqevu6bsiz Announce from the Dashboard plugin <= 1.5.1 versions.

Vendor-announce_from_the_dashboard_project gqevu6bsiz

Product-announce_from_the_dashboard Announce from the Dashboard

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25702

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 12:39

Updated-10 Jan, 2025 | 18:57

WordPress Quick Paypal Payments Plugin <= 5.7.25 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.

Vendor-fullworksplugins Fullworks

Product-quick_paypal_payments Quick Paypal Payments

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26527

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-16 Jun, 2023 | 11:02

Updated-10 Oct, 2024 | 18:55

WordPress Debug Assistant Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPIndeed Debug Assistant plugin <= 1.4 versions.

Vendor-wpindeed WPIndeed

Product-debug_assistant Debug Assistant

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25794

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-20 Mar, 2023 | 10:33

Updated-13 Jan, 2025 | 15:50

WordPress Nooz Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mighty Digital Nooz plugin <= 1.6.0 versions.

Vendor-nooz_project Mighty Digital

Product-nooz Nooz

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25783

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-03 May, 2023 | 10:34

Updated-09 Jan, 2025 | 15:31

WordPress FireCask Like & Share Button Plugin <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Moss FireCask Like & Share Button plugin <= 1.1.5 versions.

Vendor-Alex Moss

Product-firecask_like_\&_share_button FireCask Like & Share Button

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-37950

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 25.51%

7 Day CHG+0.01%

Published-20 Jul, 2024 | 08:25

Updated-02 Aug, 2024 | 04:04

WordPress Master Popups plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodexHelp Master Popups allows Stored XSS.This issue affects Master Popups: from n/a through 1.0.3.

Vendor-CodexHelp

Product-Master Popups

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25710

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 11:34

Updated-09 Jan, 2025 | 15:35

WordPress Click to Call or Chat Buttons Plugin <= 1.4.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DIGITALBLUE Click to Call or Chat Buttons plugin <= 1.4.0 versions.

Vendor-digitalblue DIGITALBLUE

Product-click_to_call_or_chat_buttons Click to Call or Chat Buttons

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25485

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 18:33

Updated-09 Jan, 2025 | 15:34

WordPress JSON Content Importer Plugin <= 1.3.15 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bernhard Kux JSON Content Importer plugin <= 1.3.15 versions.

Vendor-json-content-importer Bernhard Kux

Product-json_content_importer JSON Content Importer

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25795

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-20 Mar, 2023 | 10:28

Updated-13 Jan, 2025 | 15:50

WordPress Feed Changer Plugin <= 0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in WP-master.Ir Feed Changer & Remover plugin <= 0.2 versions.

Vendor-wp-master WP-master.ir

Product-feed_changer_\&_remover Feed Changer & Remover

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26517

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-06 May, 2023 | 06:59

Updated-09 Jan, 2025 | 15:26

WordPress Dashboard Widgets Suite Plugin <= 3.2.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeff Starr Dashboard Widgets Suite plugin <= 3.2.1 versions.

Vendor-plugin-planet Jeff Starr

Product-dashboard_widget_suite Dashboard Widgets Suite

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-32722

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 13.26%

7 Day CHG~0.00%

Published-24 Apr, 2024 | 10:08

Updated-02 Aug, 2024 | 02:20

WordPress Coupon & Discount Code Reveal Button plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coupon & Discount Code Reveal Button allows Stored XSS.This issue affects Coupon & Discount Code Reveal Button: from n/a through 1.2.5.

Product-Coupon & Discount Code Reveal Button

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26010

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-04 May, 2023 | 13:20

Updated-25 Feb, 2025 | 20:38

WordPress WPMobile.App Plugin <= 11.18 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMobile.App plugin <= 11.18 versions.

Vendor-amauri WPMobile.App

Product-wpmobile.app WPMobile.App

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-38784

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 20.98%

7 Day CHG~0.00%

Published-21 Jul, 2024 | 21:11

Updated-02 Aug, 2024 | 04:19

WordPress Livemesh Addons for Beaver Builder plugin <= 3.6.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for Beaver Builder allows Stored XSS.This issue affects Livemesh Addons for Beaver Builder: from n/a through 3.6.1.

Vendor-livemesh Livemesh

Product-beaver_builder_addons Livemesh Addons for Beaver Builder

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25979

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-03 May, 2023 | 13:37

Updated-09 Jan, 2025 | 15:30

WordPress Video Gallery – YouTube Gallery Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Video Gallery by Total-Soft Video Gallery plugin <= 1.7.6 versions.

Vendor-total-soft Video Gallery by Total-Soft

Product-video_gallery Video Gallery

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24372

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-09 May, 2023 | 10:44

Updated-09 Jan, 2025 | 15:23

WordPress Simple Custom Author Profiles Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in USB Memory Direct Simple Custom Author Profiles plugin <= 1.0.0 versions.

Vendor-usbmemorydirect USB Memory Direct

Product-simple_custom_author_profiles Simple Custom Author Profiles

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25046

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.76%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 09:26

Updated-02 Aug, 2024 | 13:44

WordPress Podlove Podcast Publisher Plugin <= 3.8.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.2 versions.

Vendor-podlove Podlove

Product-podlove_podcast_publisher Podlove Podcast Publisher

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25052

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-08 May, 2023 | 12:39

Updated-09 Jan, 2025 | 15:25

WordPress Yandex.News Feed by Teplitsa Plugin <= 1.12.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa Yandex.News Feed by Teplitsa plugin <= 1.12.5 versions.

Vendor-te-st Teplitsa

Product-yandex.news_feed_by_teplitsa Yandex.News Feed by Teplitsa

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24383

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.11% / 29.41%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 10:12

Updated-10 Jan, 2025 | 19:08

WordPress Namaste! LMS Plugin <= 2.5.9.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Namaste! LMS plugin <= 2.5.9.1 versions.

Vendor-kibokolabs Kiboko Labs

Product-namaste\!_lms Namaste! LMS

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24385

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.68%

7 Day CHG~0.00%

Published-17 Oct, 2023 | 08:58

Updated-13 Sep, 2024 | 15:55

WordPress Media Library Assistant Plugin <= 3.11 is vulnerable to Cross Site Scripting (XSS)

Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in David Lingren Media Library Assistant plugin <= 3.11 versions.

Vendor-davidlingren David Lingren

Product-media_library_assistant Media Library Assistant

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-32800

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.19% / 40.64%

7 Day CHG~0.00%

Published-17 May, 2024 | 06:10

Updated-02 Aug, 2024 | 02:20

WordPress Popup – Popup More Popups plugin <= 2.3.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Felix Moira Popup More Popups allows Stored XSS.This issue affects Popup More Popups: from n/a through 2.3.1.

Vendor-Felix Moira felixmoira

Product-Popup More Popups popup_more_popups\,_lightboxes\,_and_more_popup_modules

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24418

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-10 May, 2023 | 07:43

Updated-09 Jan, 2025 | 15:20

WordPress Tiny carousel horizontal slider plus Plugin <= 3.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Tiny carousel horizontal slider plus plugin <= 3.2 versions.

Vendor-gopiplus Gopi Ramasamy

Product-tiny_carousel_horizontal_slider_plus Tiny carousel horizontal slider plus

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25064

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-20 Mar, 2023 | 10:40

Updated-19 Feb, 2025 | 21:40

WordPress WP htpasswd Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matteo Candura WP htpasswd plugin <= 1.7 versions.

Vendor-wp_htpasswd_project Matteo Candura

Product-wp_htpasswd WP htpasswd

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25021

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-08 May, 2023 | 11:48

Updated-19 Feb, 2025 | 21:31

WordPress FareHarbor for WordPress Plugin <= 3.6.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in FareHarbor FareHarbor for WordPress plugin <= 3.6.6 versions.

Vendor-fareharbor FareHarbor

Product-fareharbor FareHarbor for WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25462

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 12:18

Updated-19 Feb, 2025 | 21:25

WordPress WP htaccess Control Plugin <= 3.5.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP htaccess Control plugin <= 3.5.1 versions.

Vendor-antonioandrade

Product-wp_htaccess_control WP htaccess Control

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24381

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.11% / 29.41%

7 Day CHG~0.00%

Published-20 Mar, 2023 | 10:47

Updated-02 Aug, 2024 | 13:45

WordPress Advanced Social Pixel Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsThemes Advanced Social Pixel plugin <= 2.1.1 versions.

Vendor-nsthemes NsThemes

Product-advanced_social_pixel Advanced Social Pixel

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25022

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 10:40

Updated-10 Jan, 2025 | 19:00

WordPress Watu Quiz Plugin <= 3.3.8 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Watu Quiz plugin <= 3.3.8 versions.

Vendor-kibokolabs Kiboko Labs

Product-watu_quiz Watu Quiz

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-33692

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.09% / 26.71%

7 Day CHG~0.00%

Published-26 Apr, 2024 | 12:46

Updated-02 Aug, 2024 | 02:36

WordPress Smart Recent Posts Widget plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Satrya Smart Recent Posts Widget allows Stored XSS.This issue affects Smart Recent Posts Widget: from n/a through 1.0.3.

Vendor-Satrya

Product-Smart Recent Posts Widget

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25461

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 19:13

Updated-09 Jan, 2025 | 15:33

WordPress Wp-Insert Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in namithjawahar Wp-Insert plugin <= 2.5.0 versions.

Vendor-smartlogix namithjawahar

Product-wp-insert Wp-Insert

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25458

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-04 May, 2023 | 19:24

Updated-09 Jan, 2025 | 15:28

WordPress TypeSquare Webfonts for ConoHa Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GMO Internet Group, Inc. TypeSquare Webfonts for ConoHa plugin <= 2.0.3 versions.

Vendor-gmo GMO Internet Group, Inc.

Product-typesquare_webfonts_for_conoha TypeSquare Webfonts for ConoHa

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25032

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.12% / 31.00%

7 Day CHG~0.00%

Published-24 Oct, 2023 | 11:37

Updated-10 Sep, 2024 | 17:44

WordPress Print, PDF, Email by PrintFriendly Plugin <= 5.5.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Print, PDF, Email by PrintFriendly plugin <= 5.5.1 versions.

Vendor-printfriendly Print, PDF, & Email by PrintFriendly

Product-print\,_pdf\,_email_by_printfriendly Print, PDF, Email by PrintFriendly

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25024

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 10:51

Updated-10 Jan, 2025 | 18:59

WordPress Icegram Collect plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Icegram Icegram Collect plugin <= 1.3.8 versions.

Vendor-icegram Icegram

Product-icegram_collect Icegram Collect

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25452

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-08 May, 2023 | 12:18

Updated-09 Jan, 2025 | 15:25

WordPress CMS Press Plugin <= 0.2.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Pretty (prettyboymp) CMS Press plugin <= 0.2.3 versions.

Vendor-cms_press_project Michael Pretty (prettyboymp)

Product-cms_press CMS Press

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25456

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-23 Mar, 2023 | 16:56

Updated-02 Aug, 2024 | 13:45

WordPress Klaviyo Plugin <= 3.0.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Klaviyo, Inc. Klaviyo plugin <= 3.0.7 versions.

Vendor-klaviyo Klaviyo, Inc.

Product-klaviyo Klaviyo

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25459

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 11:03

Updated-25 Sep, 2024 | 16:45

WordPress Post Snippets Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Postsnippets Post Snippets plugin <= 4.0.2 versions.

Vendor-postsnippets Postsnippets

Product-post_snippets Post Snippets

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25028

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-24 May, 2023 | 16:42

Updated-10 Oct, 2024 | 18:57

WordPress CC Custom Taxonomy Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in chuyencode CC Custom Taxonomy plugin <= 1.0.1 versions.

Vendor-cc_custom_taxonomy_project chuyencode

Product-cc_custom_taxonomy CC Custom Taxonomy

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-33639

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.10% / 28.17%

7 Day CHG~0.00%

Published-26 Apr, 2024 | 07:19

Updated-11 Apr, 2025 | 14:09

WordPress PopupAlly plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AccessAlly PopupAlly allows Stored XSS.This issue affects PopupAlly: from n/a through 2.1.1.

Vendor-accessally AccessAlly

Product-popupally PopupAlly

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24397

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 15:41

Updated-24 Sep, 2024 | 19:08

WordPress Reservation.Studio widget Plugin <= 1.0.11 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Reservation.Studio Reservation.Studio widget plugin <= 1.0.11 versions.

Vendor-reservation Reservation.Studio

Product-reservation.studio Reservation.Studio widget

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25442

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 13:45

Updated-02 Aug, 2024 | 13:44

WordPress Zeno Font Resizer Plugin <= 1.7.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Marcel Pol Zeno Font Resizer plugin <= 1.7.9 versions.

Vendor-zeno_font_resizer_project Marcel Pol

Product-zeno_font_resizer Zeno Font Resizer

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24406

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-10 May, 2023 | 08:01

Updated-02 Aug, 2024 | 13:41

WordPress Simple Popup Images Plugin <= 1.8.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb ur Rehman Simple PopUp plugin <= 1.8.6 versions.

Vendor-simple_popup_project Muneeb ur Rehman

Product-simple_popup Simple PopUp

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25042

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-01 Sep, 2023 | 10:48

Updated-24 Sep, 2024 | 19:07

WordPress oAuth Twitter Feed for Developers Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy (Storm Consultancy) oAuth Twitter Feed for Developers plugin <= 2.3.0 versions.

Vendor-stormconsultancy Liam Gladdy (Storm Consultancy)

Product-oauth_twitter_feed_for_developers oAuth Twitter Feed for Developers

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25451

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.06%

7 Day CHG~0.00%

Published-23 Apr, 2023 | 10:41

Updated-10 Jan, 2025 | 18:44

WordPress CPO Content Types Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill CPO Content Types plugin <= 1.1.0 versions.

Vendor-wpchill WPChill

Product-cpo_content_types CPO Content Types

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-39562

Credits

WordPress Payment Form for PayPal Pro <= 1.1.72 - Cross Site Scripting (XSS) Vulnerability

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs