Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-46500

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-16 Jul, 2025 | 11:28
Updated At-28 Apr, 2026 | 16:12
Rejected At-
Credits

WordPress Wordpress Auto Spinner plugin <= 3.26.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ValvePress Wordpress Auto Spinner wp-auto-spinner allows Reflected XSS.This issue affects Wordpress Auto Spinner: from n/a through <= 3.26.0.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:16 Jul, 2025 | 11:28
Updated At:28 Apr, 2026 | 16:12
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Wordpress Auto Spinner plugin <= 3.26.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ValvePress Wordpress Auto Spinner wp-auto-spinner allows Reflected XSS.This issue affects Wordpress Auto Spinner: from n/a through <= 3.26.0.

Affected Products
Vendor
ValvePress
Product
Wordpress Auto Spinner
Collection URL
https://wordpress.org/plugins
Package Name
wp-auto-spinner
Default Status
unaffected
Versions
Affected
  • From 0 through 3.26.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-591Reflected XSS
CAPEC ID: CAPEC-591
Description: Reflected XSS
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Anhchangmutrang | Patchstack Bug Bounty Program
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/Wordpress/Plugin/wp-auto-spinner/vulnerability/wordpress-wordpress-auto-spinner-plugin-3-25-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/wp-auto-spinner/vulnerability/wordpress-wordpress-auto-spinner-plugin-3-25-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:16 Jul, 2025 | 12:15
Updated At:23 Apr, 2026 | 15:30

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ValvePress Wordpress Auto Spinner wp-auto-spinner allows Reflected XSS.This issue affects Wordpress Auto Spinner: from n/a through <= 3.26.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-79Secondaryaudit@patchstack.com
CWE ID: CWE-79
Type: Secondary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/Wordpress/Plugin/wp-auto-spinner/vulnerability/wordpress-wordpress-auto-spinner-plugin-3-25-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/wp-auto-spinner/vulnerability/wordpress-wordpress-auto-spinner-plugin-3-25-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2439Records found
CVE-2024-49309
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.34% / 56.97%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 18:46
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Digitally theme <= 1.0.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in omarfolghe Digitally digitally allows Reflected XSS.This issue affects Digitally: from n/a through <= 1.0.8.

Action-Not Available
Vendor-omarfolghe
Product-Digitally
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49673
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.24% / 46.87%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 11:02
Updated-12 May, 2026 | 23:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LaTeX2HTML plugin <= 2.5.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Van Abel LaTeX2HTML latex2html allows Reflected XSS.This issue affects LaTeX2HTML: from n/a through <= 2.5.4.

Action-Not Available
Vendor-latex2htmlVan Abel
Product-latex2htmlLaTeX2HTML
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49662
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.31%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 11:42
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Load More plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webgensis Simple Load More simple-load-more allows Reflected XSS.This issue affects Simple Load More: from n/a through <= 1.0.

Action-Not Available
Vendor-webgensisWebgensis
Product-simple_load_moreSimple Load More
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49606
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 33.89%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 07:50
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Google Map Locations plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DotsquaresLtd Google Map Locations google-map-locations allows Reflected XSS.This issue affects Google Map Locations: from n/a through <= 1.0.

Action-Not Available
Vendor-dotsquaresDotsquaresLtd
Product-google_map_locationsGoogle Map Locations
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49636
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 34.00%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 12:49
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Agile Video Player Lite plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woracal Agile Video Player Lite agile-video-player allows Reflected XSS.This issue affects Agile Video Player Lite: from n/a through <= 1.0.

Action-Not Available
Vendor-prashantmavinkurveworacal
Product-agile_video_player_liteAgile Video Player Lite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49678
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.41% / 61.77%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 11:01
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress js paper theme <= 2.5.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jinwen js allows Reflected XSS.This issue affects js paper: from n/a through 2.5.7.

Action-Not Available
Vendor-Jinwen
Product-js paper
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49660
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.31%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 11:54
Updated-12 May, 2026 | 23:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Campus Explorer Widget plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CampusExplorer Campus Explorer Widget campus-explorer-widget allows Reflected XSS.This issue affects Campus Explorer Widget: from n/a through <= 1.4.

Action-Not Available
Vendor-campusexplorerCampusExplorer
Product-widgetCampus Explorer Widget
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49316
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.33% / 55.96%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 18:23
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Akismet htaccess writer plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zodiac Akismet htaccess writer akismet-htaccess-writer allows Reflected XSS.This issue affects Akismet htaccess writer: from n/a through <= 1.0.1.

Action-Not Available
Vendor-zodiac
Product-Akismet htaccess writer
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49647
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.33% / 55.96%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 12:02
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Custom Admin plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Carl Alberto Simple Custom Admin simple-custom-admin allows Reflected XSS.This issue affects Simple Custom Admin: from n/a through <= 1.2.

Action-Not Available
Vendor-Carl Alberto
Product-Simple Custom Admin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-46449
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.18% / 39.98%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 16:09
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WoWHead Tooltips plugin <= 2.0.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Novium WoWHead Tooltips wowhead-tooltips allows Stored XSS.This issue affects WoWHead Tooltips: from n/a through <= 2.0.1.

Action-Not Available
Vendor-Novium
Product-WoWHead Tooltips
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47388
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.27% / 50.35%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 14:48
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SliceWP Affiliates plugin <= 1.1.18 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iova.mihai SliceWP slicewp allows Reflected XSS.This issue affects SliceWP: from n/a through <= 1.1.18.

Action-Not Available
Vendor-iova.mihai
Product-SliceWP
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-48023
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 40.90%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 12:27
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Restaurant Reservations Widget plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rconnect305 Restaurant Reservations Widget restaurantconnect-reswidget allows Reflected XSS.This issue affects Restaurant Reservations Widget: from n/a through <= 1.0.

Action-Not Available
Vendor-rconnect305
Product-Restaurant Reservations Widget
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-46448
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.18% / 39.98%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:43
Updated-12 May, 2026 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Document Management System plugin <= 1.24 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reifsnyderb Document Management System dms allows Reflected XSS.This issue affects Document Management System: from n/a through <= 1.24.

Action-Not Available
Vendor-reifsnyderb
Product-Document Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47640
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.55% / 68.23%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 13:10
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP ERP plugin <= 1.13.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP ERP erp allows Reflected XSS.This issue affects WP ERP: from n/a through <= 1.13.2.

Action-Not Available
Vendor-weDevs Pte. Ltd.
Product-wp_erpWP ERP
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47386
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.35% / 57.26%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 14:50
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Extended plugin <= 3.0.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended wpextended allows Reflected XSS.This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through <= 3.0.8.

Action-Not Available
Vendor-WP Extended
Product-The Ultimate WordPress Toolkit – WP Extended
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-48032
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.16% / 35.94%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 12:22
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Featured Posts with Multiple Custom Groups (FPMCG) plugin <= 4.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sumitsurai Featured Posts with Multiple Custom Groups (FPMCG) featured-posts-with-multiple-custom-groups-fpmcg allows Reflected XSS.This issue affects Featured Posts with Multiple Custom Groups (FPMCG): from n/a through <= 4.0.

Action-Not Available
Vendor-sumitsurai
Product-Featured Posts with Multiple Custom Groups (FPMCG)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-48021
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.35% / 57.26%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 12:29
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Form 7 – PayPal & Stripe Add-on plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on contact-form-7-paypal-add-on allows Reflected XSS.This issue affects Contact Form 7 – PayPal & Stripe Add-on: from n/a through <= 2.3.

Action-Not Available
Vendor-Scott Paterson
Product-Contact Form 7 – PayPal & Stripe Add-on
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47638
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.34% / 56.81%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 13:03
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Online Booking & Scheduling Calendar for WordPress plugin <= 4.4.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Reflected XSS.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through <= 4.4.6.

Action-Not Available
Vendor-vcitavcita
Product-online_booking_\&_scheduling_calendarOnline Booking & Scheduling Calendar for WordPress by vcita
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-4747
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.20% / 41.41%
||
7 Day CHG~0.00%
Published-13 May, 2024 | 09:59
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Propovoice CRM plugin <= 1.7.6.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Propovoice Propovoice CRM allows Stored XSS.This issue affects Propovoice CRM: from n/a through 1.7.6.2.

Action-Not Available
Vendor-Propovoice
Product-Propovoice CRM
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-43837
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.18% / 39.98%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 18:20
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Total Donations <= 3.0.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in binti76 Total Donations total-donations allows Reflected XSS.This issue affects Total Donations: from n/a through <= 3.0.8.

Action-Not Available
Vendor-binti76
Product-Total Donations
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47394
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.27% / 50.35%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 14:40
Updated-12 May, 2026 | 22:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP JobSearch plugin <= 2.5.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS.This issue affects JobSearch: from n/a through <= 2.5.9.

Action-Not Available
Vendor-eyecix
Product-JobSearch
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47624
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.35% / 57.26%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 14:29
Updated-12 May, 2026 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BSK Forms Blacklist plugin <= 3.8.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bannersky BSK Forms Blacklist bsk-gravityforms-blacklist allows Reflected XSS.This issue affects BSK Forms Blacklist: from n/a through <= 3.8.1.

Action-Not Available
Vendor-BannerSky
Product-BSK Forms Blacklistbsk_forms_blacklist
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-41749
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.1||HIGH
EPSS-0.06% / 17.93%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 08:08
Updated-19 Dec, 2025 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected XSS vulnerability in port_util.php

An XSS vulnerability in port_util.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-fl_switch_2206c-2fxfl_switch_2206-2fx_stfl_switch_2206-2fx_smfl_switch_2406-2sfxfl_switch_2512-2gc-2sfp_firmwarefl_switch_2214-2fx_smfl_switch_2608_pnfl_switch_2105_firmwarefl_switch_2306-2sfp_pn_firmwarefl_switch_2316\/k1fl_nat_2208_firmwarefl_switch_2412-2tc-2sfx_firmwarefl_switch_2414-2sfxfl_switch_2506-2sfp_firmwarefl_switch_2206-2fxfl_switch_2708fl_switch_2304-2gc-2sfp_firmwarefl_switch_2508_firmwarefl_switch_2506-2sfp\/k1_firmwarefl_switch_2005fl_switch_2512-2gc-2sfpfl_nat_2008fl_switch_2516_pn_firmwarefl_switch_2312-2gc-2sfp_firmwarefl_nat_2304-2gc-2sfpfl_switch_2108_firmwarefl_switch_2608_firmwarefl_switch_2316_pnfl_switch_2008_firmwarefl_switch_2708_pn_firmwarefl_switch_2304-2gc-2sfpfl_switch_2516fl_switch_2207-fx_firmwarefl_switch_2214-2sfxfl_switch_2514-2sfp_firmwarefl_switch_2416_pn_firmwarefl_switch_2216_firmwarefl_switch_2408_pnfl_switch_2506-2sfp_pnfl_switch_2214-2sfx_pn_firmwarefl_switch_2206-2sfx_firmwarefl_switch_2206-2fx_sm_st_firmwarefl_switch_2204-2tc-2sfxfl_switch_2108fl_switch_2116_firmwarefl_switch_2212-2tc-2sfx_firmwarefl_switch_2208fl_nat_2208fl_switch_2205_firmwarefl_switch_2708_firmwarefl_switch_2504-2gc-2sfp_firmwarefl_switch_2406-2sfx_pn_firmwarefl_switch_2214-2fxfl_switch_2208_pn_firmwarefl_switch_2016fl_switch_2206-2sfx_pn_firmwarefl_switch_2206-2fx_st_firmwarefl_switch_2414-2sfx_pnfl_switch_2214-2sfx_pnfl_switch_2008f_firmwarefl_switch_2316_pn_firmwarefl_switch_2508\/k1fl_switch_2008fl_switch_2205fl_switch_2306-2sfpfl_switch_2416fl_switch_2314-2sfp_pnfl_switch_2316fl_switch_2308_firmwarefl_switch_2504-2gc-2sfpfl_switch_2105fl_switch_2206-2sfx_pnfl_switch_2214-2fx_firmwarefl_switch_2207-fx_sm_firmwarefl_switch_2408fl_switch_2206-2fx_sm_firmwarefl_switch_2306-2sfp_pnfl_switch_2506-2sfpfl_switch_2216fl_switch_2206-2sfxfl_switch_2406-2sfx_pnfl_switch_2408_pn_firmwarefl_switch_2308fl_nat_2008_firmwarefl_switch_2506-2sfp\/k1fl_switch_2212-2tc-2sfxfl_switch_2214-2sfx_firmwarefl_switch_2216_pnfl_switch_2016_firmwarefl_switch_2008ffl_switch_2416_firmwarefl_switch_2514-2sfpfl_switch_2608fl_switch_2312-2gc-2sfpfl_switch_2206-2fx_sm_stfl_switch_2514-2sfp_pn_firmwarefl_switch_2207-fxfl_switch_2208_pnfl_nat_2304-2gc-2sfp_firmwarefl_switch_2514-2sfp_pnfl_switch_2416_pnfl_switch_2508_pnfl_switch_2314-2sfp_pn_firmwarefl_switch_2206c-2fx_firmwarefl_switch_2206-2fx_firmwarefl_switch_2404-2tc-2sfxfl_switch_2608_pn_firmwarefl_switch_2005_firmwarefl_switch_2314-2sfp_firmwarefl_switch_2406-2sfx_firmwarefl_switch_2508fl_switch_2314-2sfpfl_switch_2116fl_switch_2216_pn_firmwarefl_switch_2204-2tc-2sfx_firmwarefl_switch_2308_pnfl_switch_2508\/k1_firmwarefl_switch_2316\/k1_firmwarefl_switch_2404-2tc-2sfx_firmwarefl_switch_2412-2tc-2sfxfl_switch_2306-2sfp_firmwarefl_switch_2208_firmwarefl_switch_2208c_firmwarefl_switch_2414-2sfx_pn_firmwarefl_switch_2214-2fx_sm_firmwarefl_switch_2508_pn_firmwarefl_switch_2516_pnfl_switch_2516_firmwarefl_switch_2308_pn_firmwarefl_switch_2208cfl_switch_2316_firmwarefl_switch_2303-8sp1fl_switch_2708_pnfl_switch_2207-fx_smfl_switch_2408_firmwarefl_switch_2414-2sfx_firmwarefl_switch_2506-2sfp_pn_firmwareFL SWITCH 2212-2TC-2SFXFL SWITCH 2205FL SWITCH 2304-2GC-2SFPFL SWITCH 2008FFL SWITCH 2516FL SWITCH 2214-2SFX PNFL SWITCH 2214-2SFXFL SWITCH 2306-2SFPFL SWITCH 2506-2SFPFL SWITCH 2312-2GC-2SFPFL SWITCH 2316/K1FL SWITCH 2206-2SFXFL SWITCH 2206-2FX SM STFL SWITCH 2416 PNFL SWITCH 2506-2SFP/K1FL SWITCH 2206-2FXFL SWITCH 2414-2SFX PNFL SWITCH 2416FL SWITCH 2206C-2FXFL SWITCH 2512-2GC-2SFPFL SWITCH 2208 PNFL SWITCH 2316FL SWITCH 2208CFL SWITCH 2414-2SFXFL SWITCH 2216 PNFL SWITCH 2506-2SFP PNFL SWITCH 2216FL SWITCH 2308 PNFL SWITCH 2005FL SWITCH 2316 PNFL SWITCH 2208FL SWITCH 2308FL SWITCH 2608FL SWITCH 2508/K1FL SWITCH 2206-2FX STFL SWITCH 2206-2FX SMFL SWITCH 2508FL NAT 2008FL SWITCH 2314-2SFPFL SWITCH 2408 PNFL SWITCH 2408FL SWITCH 2406-2SFX PNFL SWITCH 2516 PNFL SWITCH 2108FL SWITCH 2508 PNFL SWITCH 2504-2GC-2SFPFL SWITCH 2214-2FXFL SWITCH 2406-2SFXFL SWITCH 2008FL SWITCH 2116FL SWITCH 2207-FX SMFL SWITCH 2016FL SWITCH 2207-FXFL SWITCH 2514-2SFP PNFL SWITCH 2514-2SFPFL SWITCH 2206-2SFX PNFL SWITCH 2404-2TC-2SFXFL SWITCH 2708 PNFL SWITCH 2412-2TC-2SFXFL SWITCH 2306-2SFP PNFL SWITCH 2708FL NAT 2208FL SWITCH 2105FL SWITCH 2303-8SP1FL SWITCH 2314-2SFP PNFL SWITCH 2214-2FX SMFL NAT 2304-2GC-2SFPFL SWITCH 2608 PNFL SWITCH 2204-2TC-2SFX
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47384
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.21% / 42.90%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 14:53
Updated-12 May, 2026 | 22:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Compress plugin <= 6.20.13 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Reflected XSS.This issue affects WP Compress: from n/a through <= 6.20.13.

Action-Not Available
Vendor-wpcompressAresIT
Product-wp_compressWP Compress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47389
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.34% / 56.81%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 14:47
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress NEX-Forms plugin <= 8.7.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Reflected XSS.This issue affects NEX-Forms: from n/a through <= 8.7.3.

Action-Not Available
Vendor-basixonlineBasix
Product-nex-formsNEX-Forms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47644
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 40.90%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 12:55
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Copyscape Premium plugin <= 1.3.9 - CSRF to Stored Cross-Site Scripting vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Copyscape Copyscape Premium copyscape-premium allows Stored XSS.This issue affects Copyscape Premium: from n/a through <= 1.3.9.

Action-Not Available
Vendor-Copyscape
Product-Copyscape Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47326
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.22% / 44.12%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 11:07
Updated-12 May, 2026 | 22:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Share This Image plugin <= 2.01 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ILLID Share This Image share-this-image allows Reflected XSS.This issue affects Share This Image: from n/a through <= 2.01.

Action-Not Available
Vendor-ILLID
Product-Share This Image
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47360
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.26% / 49.77%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 09:52
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BA Book Everything plugin <= 1.6.20 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bookingalgorithms BA Book Everything ba-book-everything.This issue affects BA Book Everything: from n/a through <= 1.6.20.

Action-Not Available
Vendor-ba-bookingbookingalgorithms
Product-ba_book_everythingBA Book Everything
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47348
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.28% / 51.47%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 10:28
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Visual CSS Style Editor plugin <= 7.6.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YellowPencil YellowPencil Visual CSS Style Editor yellow-pencil-visual-theme-customizer allows Reflected XSS.This issue affects YellowPencil Visual CSS Style Editor: from n/a through <= 7.6.4.

Action-Not Available
Vendor-YellowPencil
Product-YellowPencil Visual CSS Style Editor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47301
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.27% / 50.35%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 11:35
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bit Form plugin <= 2.13.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bit Apps Bit Form bit-form allows Stored XSS.This issue affects Bit Form: from n/a through <= 2.13.10.

Action-Not Available
Vendor-Bit Apps
Product-Bit Form
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47339
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.28% / 51.47%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 10:52
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Mail Catcher plugin <= 2.1.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JWardee WP Mail Catcher wp-mail-catcher allows Reflected XSS.This issue affects WP Mail Catcher: from n/a through <= 2.1.9.

Action-Not Available
Vendor-JWardee
Product-WP Mail Catcher
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47352
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.17% / 37.87%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 10:25
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Bulk Delete plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WP Bulk Delete wp-bulk-delete allows Stored XSS.This issue affects WP Bulk Delete: from n/a through <= 1.3.1.

Action-Not Available
Vendor-xylusthemesXylus Themes
Product-wp_bulk_deleteWP Bulk Delete
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47374
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-21.35% / 95.75%
||
7 Day CHG-5.18%
Published-05 Oct, 2024 | 15:16
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LiteSpeed Cache plugin <= 6.5.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through <= 6.5.0.2.

Action-Not Available
Vendor-litespeedtechLiteSpeed Technologies
Product-litespeed_cacheLiteSpeed Cache
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47379
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.35% / 57.26%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 15:01
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Web Directory Free plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamalli Web Directory Free web-directory-free allows Reflected XSS.This issue affects Web Directory Free: from n/a through <= 1.7.3.

Action-Not Available
Vendor-Shamalli
Product-Web Directory Free
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47378
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.34% / 56.81%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 15:10
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPCOM Member plugin <= 1.5.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lomu WPCOM Member wpcom-member allows Reflected XSS.This issue affects WPCOM Member: from n/a through <= 1.5.4.

Action-Not Available
Vendor-wpcomLomu
Product-wpcom_memberWPCOM Member
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47369
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.34% / 56.81%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 15:24
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Social Auto Poster plugin <= 5.3.15 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpweb Social Auto Poster social-auto-poster allows Reflected XSS.This issue affects Social Auto Poster: from n/a through <= 5.3.15.

Action-Not Available
Vendor-WPWeb Elite
Product-social_auto_posterSocial Auto Poster
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47300
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.21% / 43.42%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 11:38
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CubeWP Forms plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Tauqeer CubeWP Forms cubewp-forms allows Stored XSS.This issue affects CubeWP Forms: from n/a through <= 1.1.1.

Action-Not Available
Vendor-Imran Tauqeer
Product-CubeWP Forms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47346
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.28% / 51.47%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 10:30
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Newsletters plugin <= 4.9.9.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Newsletters newsletters-lite allows Reflected XSS.This issue affects Newsletters: from n/a through <= 4.9.9.1.

Action-Not Available
Vendor-Tribulant Software
Product-Newsletters
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47341
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.28% / 51.47%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 10:50
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP-DownloadManager plugin <= 1.68.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lester Chan WP-DownloadManager wp-downloadmanager allows Reflected XSS.This issue affects WP-DownloadManager: from n/a through <= 1.68.8.

Action-Not Available
Vendor-Lester Chan
Product-WP-DownloadManager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47306
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.35% / 57.26%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 11:33
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Secure Copy Content Protection and Content Locking plugin <= 4.2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Secure Copy Content Protection and Content Locking secure-copy-content-protection-subscribe-to-view allows Stored XSS.This issue affects Secure Copy Content Protection and Content Locking: from n/a through <= 4.2.3.

Action-Not Available
Vendor-AYS Pro Extensions
Product-Secure Copy Content Protection and Content Locking
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47333
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.17% / 37.87%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 10:57
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Loops & Logic plugin <= 4.1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tangible Loops & Logic tangible-loops-and-logic allows Reflected XSS.This issue affects Loops & Logic: from n/a through <= 4.1.4.

Action-Not Available
Vendor-Tangible
Product-Loops & Logic
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47327
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.28% / 51.47%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 11:05
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GEO my WP plugin <= 4.5.0.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eyal Fitoussi GEO my WordPress geo-my-wp allows Reflected XSS.This issue affects GEO my WordPress: from n/a through <= 4.5.0.3.

Action-Not Available
Vendor-Eyal Fitoussi
Product-GEO my WordPress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47297
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.27% / 50.35%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 11:46
Updated-12 May, 2026 | 22:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Polls CP plugin <= 1.0.74 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Polls cp-polls allows Reflected XSS.This issue affects CP Polls: from n/a through <= 1.0.74.

Action-Not Available
Vendor-CodePeople
Product-CP Polls
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47347
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.28% / 51.47%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 10:29
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Chartify plugin <= 2.7.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Chartify chart-builder allows Reflected XSS.This issue affects Chartify: from n/a through <= 2.7.6.

Action-Not Available
Vendor-AYS Pro Extensions
Product-Chartify
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-47600
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.31% / 54.63%
||
7 Day CHG+0.20%
Published-10 May, 2023 | 10:41
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mass Email To users Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Mass Email To users plugin <= 1.1.4 versions.

Action-Not Available
Vendor-i13websolutionI Thirteen Web Solution
Product-mass_email_to_usersMass Email To users
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-46843
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.20% / 41.79%
||
7 Day CHG~0.00%
Published-27 Mar, 2023 | 13:55
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Woocommerce Vietnam Checkout Plugin <= 2.0.4 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Le Van Toan Woocommerce Vietnam Checkout plugin <= 2.0.4 versions.

Action-Not Available
Vendor-levantoanLe Van Toan
Product-woocommerce_vietnam_checkoutWoocommerce Vietnam Checkout
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-47603
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.31% / 54.63%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 18:57
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Responsive Image Gallery, Gallery Album Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.1 versions.

Action-Not Available
Vendor-WpDevArt
Product-image_and_video_gallery_with_thumbnailsGallery – Image and Video Gallery with Thumbnails
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-46822
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.20% / 41.79%
||
7 Day CHG+0.09%
Published-09 May, 2023 | 11:12
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce JazzCash Gateway Plugin Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in JC Development Team WooCommerce JazzCash Gateway Plugin plugin <= 2.0 versions.

Action-Not Available
Vendor-jazzcashJC Development Team
Product-woocommerce_jazzcash_gatewayWooCommerce JazzCash Gateway Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-42652
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 10.86%
||
7 Day CHG~0.00%
Published-29 Apr, 2026 | 10:40
Updated-12 May, 2026 | 11:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress User Registration plugin <= 5.1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Reflected XSS.This issue affects User Registration: from n/a through <= 5.1.5.

Action-Not Available
Vendor-wpeverest
Product-User Registration
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-47439
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.29% / 52.26%
||
7 Day CHG+0.18%
Published-08 May, 2023 | 14:21
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Open Graphite Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rocket Apps Open Graphite plugin <= 1.6.0 versions.

Action-Not Available
Vendor-rocketappsRocket Apps
Product-open_graphiteOpen Graphite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 48
  • 49
  • Next
Details not found