ByteOS Network

Vulnerability Details :

CVE-2025-47522

Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3

Published At-07 May, 2025 | 14:20

Updated At-07 May, 2025 | 18:19

WordPress AWEOS WP Lock <= 1.4.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AWEOS GmbH AWEOS WP Lock allows Stored XSS. This issue affects AWEOS WP Lock: from n/a through 1.4.8.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Patchstack

Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3

Published At:07 May, 2025 | 14:20

Updated At:07 May, 2025 | 18:19

▼CVE Numbering Authority (CNA)

WordPress AWEOS WP Lock <= 1.4.8 - Cross Site Scripting (XSS) Vulnerability

Affected Products

Vendor

AWEOS GmbH

Product

AWEOS WP Lock

Collection URL

https://wordpress.org/plugins

Package Name

aweos-wp-lock

Default Status

unaffected

Versions

Affected

From n/a through 1.4.8 (custom)
- -> unaffectedfrom1.4.9

Problem Types

Type	CWE ID	Description
CWE	CWE-79	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Type: CWE

CWE ID: CWE-79

Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Metrics

Version	Base score	Base severity	Vector
3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Impacts

CAPEC ID	Description
CAPEC-592	CAPEC-592 Stored XSS

CAPEC ID: CAPEC-592

Description: CAPEC-592 Stored XSS

Solutions

Update the WordPress AWEOS WP Lock plugin to the latest available version (at least 1.4.9).

Credits

finder

Nabil Irawan (Patchstack Alliance)

References

Hyperlink	Resource
https://patchstack.com/database/wordpress/plugin/aweos-wp-lock/vulnerability/wordpress-aweos-wp-lock-1-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve	vdb-entry

Hyperlink: https://patchstack.com/database/wordpress/plugin/aweos-wp-lock/vulnerability/wordpress-aweos-wp-lock-1-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve

Resource:

vdb-entry

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:audit@patchstack.com

Published At:07 May, 2025 | 15:16

Updated At:08 May, 2025 | 14:39

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	audit@patchstack.com

CWE ID: CWE-79

Type: Primary

Source: audit@patchstack.com

References

Hyperlink	Source	Resource
https://patchstack.com/database/wordpress/plugin/aweos-wp-lock/vulnerability/wordpress-aweos-wp-lock-1-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve	audit@patchstack.com	N/A

Hyperlink: https://patchstack.com/database/wordpress/plugin/aweos-wp-lock/vulnerability/wordpress-aweos-wp-lock-1-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve

Source: audit@patchstack.com

Resource: N/A

Similar CVEs

1204Records found

CVE-2023-25710

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.57%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 11:34

Updated-09 Jan, 2025 | 15:35

WordPress Click to Call or Chat Buttons Plugin <= 1.4.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DIGITALBLUE Click to Call or Chat Buttons plugin <= 1.4.0 versions.

Vendor-digitalblue DIGITALBLUE

Product-click_to_call_or_chat_buttons Click to Call or Chat Buttons

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25795

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.57%

7 Day CHG~0.00%

Published-20 Mar, 2023 | 10:28

Updated-13 Jan, 2025 | 15:50

WordPress Feed Changer Plugin <= 0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in WP-master.Ir Feed Changer & Remover plugin <= 0.2 versions.

Vendor-wp-master WP-master.ir

Product-feed_changer_\&_remover Feed Changer & Remover

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25962

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.41%

7 Day CHG~0.00%

Published-04 May, 2023 | 12:47

Updated-09 Jan, 2025 | 15:28

WordPress Accordions Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari Accordion – Multiple Accordion or FAQs Builder plugin <= 2.3.0 versions.

Vendor-Biplob Adhikari (Oxilab Development)

Product-accordions Accordion – Multiple Accordion or FAQs Builder

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25992

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 20.82%

7 Day CHG~0.00%

Published-23 Mar, 2023 | 16:18

Updated-10 Jan, 2025 | 19:16

WordPress CM Answers Plugin <= 3.1.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeMindsSolutions CM Answers plugin <= 3.1.9 versions.

Vendor-cminds CreativeMindsSolutions

Product-cm_answers CM Answers

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25059

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 52.54%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 08:40

Updated-10 Jan, 2025 | 19:03

WordPress avalex Plugin <= 3.0.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in avalex GmbH avalex – Automatically secure legal texts plugin <= 3.0.3 versions.

Vendor-avalex avalex GmbH

Product-avalex avalex – Automatically secure legal texts

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25024

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.57%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 10:51

Updated-10 Jan, 2025 | 18:59

WordPress Icegram Collect plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Icegram Icegram Collect plugin <= 1.3.8 versions.

Vendor-icegram Icegram

Product-icegram_collect Icegram Collect

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25702

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.57%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 12:39

Updated-10 Jan, 2025 | 18:57

WordPress Quick Paypal Payments Plugin <= 5.7.25 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.

Vendor-fullworksplugins Fullworks

Product-quick_paypal_payments Quick Paypal Payments

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25063

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.63%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 11:38

Updated-25 Sep, 2024 | 16:45

WordPress Quick Page/Post Redirect Plugin <= 5.2.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anadnet Quick Page/Post Redirect Plugin plugin <= 5.2.3 versions.

Vendor-anadnet Anadnet

Product-quick_page\/post_redirect_plugin Quick Page/Post Redirect Plugin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25984

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 21.10%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 12:07

Updated-25 Sep, 2024 | 16:50

WordPress Dovetail Plugin <= 1.2.13 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rigorous & Factory Pattern Dovetail plugin <= 1.2.13 versions.

Vendor-rigorous-digital Rigorous & Factory Pattern

Product-dovetail Dovetail

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25483

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.12% / 30.44%

7 Day CHG~0.00%

Published-27 Sep, 2023 | 07:42

Updated-23 Sep, 2024 | 12:52

WordPress Easy Coming Soon Plugin <= 2.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ankit Agarwal, Priyanshu Mittal Easy Coming Soon plugin <= 2.3 versions.

Vendor-easycomingsoon Ankit Agarwal, Priyanshu Mittal

Product-easy_coming_soon Easy Coming Soon

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25488

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 17.97%

7 Day CHG~0.00%

Published-01 Sep, 2023 | 10:54

Updated-19 Feb, 2025 | 21:25

WordPress WP Default Feature Image Plugin <= 1.0.1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Duc Bui Quang WP Default Feature Image plugin <= 1.0.1.1 versions.

Vendor-ducbuiquang Duc Bui Quang

Product-wp_default_feature_image WP Default Feature Image

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25784

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.57%

7 Day CHG~0.00%

Published-03 May, 2023 | 10:19

Updated-09 Jan, 2025 | 15:32

WordPress Sticky Ad Bar Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bon Plan Gratos Sticky Ad Bar plugin <= 1.3.1 versions.

Vendor-sticky_ad_bar_project Bon Plan Gratos

Product-sticky_ad_bar Sticky Ad Bar Plugin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25789

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.57%

7 Day CHG~0.00%

Published-03 May, 2023 | 10:43

Updated-02 Aug, 2024 | 13:44

WordPress Tapfiliate Plugin <= 3.0.12 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tapfiliate plugin <= 3.0.12 versions.

Vendor-tapfiliate Tapfiliate

Product-tapfiliate Tapfiliate

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25464

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.57%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 12:03

Updated-10 Jan, 2025 | 18:57

WordPress Twitch Player Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StreamWeasels Twitch Player plugin <= 2.1.0 versions.

Vendor-streamweasels StreamWeasels

Product-twitch_player Twitch Player

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26001

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.04% / 11.49%

7 Day CHG~0.00%

Published-06 Jun, 2025 | 12:54

Updated-06 Jun, 2025 | 14:27

WordPress Next Event Calendar <= 1.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marchetti Design Next Event Calendar allows Stored XSS. This issue affects Next Event Calendar: from n/a through 1.2.

Vendor-Marchetti Design

Product-Next Event Calendar

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25064

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.57%

7 Day CHG~0.00%

Published-20 Mar, 2023 | 10:40

Updated-19 Feb, 2025 | 21:40

WordPress WP htpasswd Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matteo Candura WP htpasswd plugin <= 1.7 versions.

Vendor-wp_htpasswd_project Matteo Candura

Product-wp_htpasswd WP htpasswd

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25465

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 17.97%

7 Day CHG~0.00%

Published-04 Sep, 2023 | 09:52

Updated-19 Feb, 2025 | 21:24

WordPress wp tell a friend popup form Plugin <= 7.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy wp tell a friend popup form plugin <= 7.1 versions.

Vendor-gopiplus Gopi Ramasamy

Product-wp-tell-a-friend-popup-form wp tell a friend popup form

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25442

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.57%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 13:45

Updated-02 Aug, 2024 | 13:44

WordPress Zeno Font Resizer Plugin <= 1.7.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Marcel Pol Zeno Font Resizer plugin <= 1.7.9 versions.

Vendor-zeno_font_resizer_project Marcel Pol

Product-zeno_font_resizer Zeno Font Resizer

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25490

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.57%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 11:46

Updated-09 Jan, 2025 | 15:34

WordPress Archivist – Custom Archive Templates Plugin <= 1.7.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.4 versions.

Vendor-archivist_-_custom_archive_templates_project Eric Teubert

Product-archivist_-_custom_archive_templates Archivist – Custom Archive Templates

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25974

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.63%

7 Day CHG~0.00%

Published-16 Jun, 2023 | 11:09

Updated-10 Oct, 2024 | 18:55

WordPress wp2syslog Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in psicosi448 wp2syslog plugin <= 1.0.5 versions.

Vendor-wp2syslog_project psicosi448

Product-wp2syslog wp2syslog

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25044

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 17.97%

7 Day CHG~0.00%

Published-01 Sep, 2023 | 10:51

Updated-24 Sep, 2024 | 19:07

WordPress Social Share Boost Plugin <= 4.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sumo Social Share Boost plugin <= 4.4 versions.

Vendor-sumo Sumo

Product-social_share_boost Social Share Boost

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25021

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.41%

7 Day CHG~0.00%

Published-08 May, 2023 | 11:48

Updated-19 Feb, 2025 | 21:31

WordPress FareHarbor for WordPress Plugin <= 3.6.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in FareHarbor FareHarbor for WordPress plugin <= 3.6.6 versions.

Vendor-fareharbor FareHarbor

Product-fareharbor FareHarbor for WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-53467

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 17.66%

7 Day CHG~0.00%

Published-22 Sep, 2025 | 18:25

Updated-23 Sep, 2025 | 13:45

WordPress Login-Logout Plugin <= 3.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Login-Logout allows Stored XSS. This issue affects Login-Logout: from n/a through 3.8.

Vendor-webvitaly

Product-Login-Logout

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25978

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.63%

7 Day CHG~0.00%

Published-13 Jun, 2023 | 15:09

Updated-02 Aug, 2024 | 13:40

WordPress Protected Posts Logout Button Plugin <= 1.4.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nate Reist Protected Posts Logout Button plugin <= 1.4.5 versions.

Vendor-mindutopia Nate Reist

Product-protected_posts_logout_button Protected Posts Logout Button

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25705

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.57%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 12:33

Updated-19 Feb, 2025 | 21:34

WordPress WP Prayer Plugin <= 1.9.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Go Prayer WP Prayer plugin <= 1.9.6 versions.

Vendor-goprayer Go Prayer

Product-wp_prayer WP Prayer

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25027

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.57%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 10:46

Updated-10 Jan, 2025 | 19:00

WordPress Chained Quiz Plugin <= 1.3.2.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Chained Quiz plugin <= 1.3.2.5 versions.

Vendor-kibokolabs Kiboko Labs

Product-chained_quiz Chained Quiz

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25042

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 17.97%

7 Day CHG~0.00%

Published-01 Sep, 2023 | 10:48

Updated-24 Sep, 2024 | 19:07

WordPress oAuth Twitter Feed for Developers Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy (Storm Consultancy) oAuth Twitter Feed for Developers plugin <= 2.3.0 versions.

Vendor-stormconsultancy Liam Gladdy (Storm Consultancy)

Product-oauth_twitter_feed_for_developers oAuth Twitter Feed for Developers

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-22649

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 20.19%

7 Day CHG~0.00%

Published-27 Mar, 2025 | 15:05

Updated-10 Apr, 2025 | 15:17

WordPress WP Project Manager plugin <= 2.6.22 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager wedevs-project-manager allows Stored XSS.This issue affects WP Project Manager: from n/a through 2.6.22.

Vendor-weDevs Pte. Ltd.

Product-wp_project_manager WP Project Manager

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23878

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 21.40%

7 Day CHG~0.00%

Published-04 Apr, 2023 | 11:38

Updated-07 May, 2025 | 13:35

WordPress WP Google Map Plugin Plugin <= 4.3.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS plugin <= 4.3.9 versions.

Vendor-weplugins flippercode

Product-wp_maps WordPress Plugin for Google Maps – WP MAPS

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-53285

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.03% / 7.39%

7 Day CHG~0.00%

Published-27 Jun, 2025 | 13:21

Updated-30 Jun, 2025 | 18:38

WordPress Add & Replace Affiliate Links for Amazon plugin <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Website Flip Add & Replace Affiliate Links for Amazon allows Stored XSS. This issue affects Add & Replace Affiliate Links for Amazon: from n/a through 1.0.6.

Vendor-The Website Flip

Product-Add & Replace Affiliate Links for Amazon

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24389

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 21.10%

7 Day CHG~0.00%

Published-10 Aug, 2023 | 09:01

Updated-25 Sep, 2024 | 15:15

WordPress Social Proof (Testimonial) Slider Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in brandiD Social Proof (Testimonial) Slider plugin <= 2.2.3 versions.

Vendor-brandid brandiD

Product-social_proof_\(testimonial\)_slider Social Proof (Testimonial) Slider

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24386

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.11% / 29.23%

7 Day CHG~0.00%

Published-23 Apr, 2023 | 09:38

Updated-10 Jan, 2025 | 18:46

WordPress AI Contact Us Form Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Karishma Arora AI Contact Us Form plugin <= 1.0 versions.

Vendor-ai_contact_us_form_project Karishma Arora

Product-ai_contact_us_form AI Contact Us Form

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24418

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.41%

7 Day CHG~0.00%

Published-10 May, 2023 | 07:43

Updated-09 Jan, 2025 | 15:20

WordPress Tiny carousel horizontal slider plus Plugin <= 3.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Tiny carousel horizontal slider plus plugin <= 3.2 versions.

Vendor-gopiplus Gopi Ramasamy

Product-tiny_carousel_horizontal_slider_plus Tiny carousel horizontal slider plus

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23811

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 16.66%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 11:44

Updated-10 Oct, 2024 | 17:23

WordPress Smoothscroller Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Neil Gee Smoothscroller plugin <= 1.0.0 versions.

Vendor-smoothscroller_project Neil Gee

Product-smoothscroller Smoothscroller

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23794

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.41%

7 Day CHG~0.00%

Published-10 May, 2023 | 08:39

Updated-02 Aug, 2024 | 13:41

WordPress Semalt Blocker Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Moss Semalt Blocker plugin <= 1.1.3 versions.

Vendor-Alex Moss

Product-semalt_blocker Semalt Blocker

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23871

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.63%

7 Day CHG~0.00%

Published-10 Aug, 2023 | 10:35

Updated-25 Sep, 2024 | 16:44

WordPress Button Plugin <= 1.1.23 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Webdzier Button plugin <= 1.1.23 versions.

Vendor-webdzier Webdzier

Product-button Button

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24387

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.11% / 29.23%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 10:57

Updated-10 Jan, 2025 | 19:07

WordPress Organization chart Plugin <= 1.4.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart Organization chart plugin <= 1.4.4 versions.

Vendor-WpDevArt

Product-organization_chart Organization chart

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23972

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.57%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 05:50

Updated-10 Jan, 2025 | 19:10

WordPress Social Like Box and Page by WpDevArt Plugin <= 0.8.39 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smplug-in Social Like Box and Page by WpDevArt plugin <= 0.8.39 versions.

Vendor-Smplug-in WpDevArt

Product-social_like_box_and_page Social Like Box and Page by WpDevArt

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23980

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.57%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 07:39

Updated-10 Jan, 2025 | 19:10

WordPress MailOptin Plugin <= 1.2.54.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MailOptin Popup Builder Team MailOptin plugin <= 1.2.54.0 versions.

Vendor-mailoptin MailOptin Popup Builder Team

Product-mailoptin MailOptin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24372

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.41%

7 Day CHG~0.00%

Published-09 May, 2023 | 10:44

Updated-09 Jan, 2025 | 15:23

WordPress Simple Custom Author Profiles Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in USB Memory Direct Simple Custom Author Profiles plugin <= 1.0.0 versions.

Vendor-usbmemorydirect USB Memory Direct

Product-simple_custom_author_profiles Simple Custom Author Profiles

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23816

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.57%

7 Day CHG~0.00%

Published-23 Apr, 2023 | 10:31

Updated-10 Jan, 2025 | 18:45

WordPress Sitemap Index Plugin <= 1.2.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Twardes Sitemap Index plugin <= 1.2.3 versions.

Vendor-sitemap_index_project Twardes

Product-sitemap_index Sitemap Index

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24391

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.63%

7 Day CHG~0.00%

Published-10 Aug, 2023 | 12:28

Updated-25 Sep, 2024 | 15:03

WordPress ApplyOnline – Application Form Builder and Manager Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Spider Teams ApplyOnline plugin <= 2.5 versions.

Vendor-spiderteams Spider Teams

Product-applyonline_-_application_form_builder_and_manager ApplyOnline

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23883

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.41%

7 Day CHG~0.00%

Published-09 May, 2023 | 10:01

Updated-19 Feb, 2025 | 21:31

WordPress WP Content Filter – Censor All Offensive Content From Your Site Plugin <= 3.0.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Gwyer WP Content Filter plugin <= 3.0.1 versions.

Vendor-wp_content_filter_-_censor_all_offensive_content_from_your_site_project David Gwyer

Product-wp_content_filter_-_censor_all_offensive_content_from_your_site WP Content Filter

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23987

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.57%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 05:22

Updated-10 Jan, 2025 | 19:11

WordPress User Registration Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEverest User Registration plugin <= 2.3.0 versions.

Vendor-wpeverest WPEverest

Product-user_registration User Registration

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23812

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.41%

7 Day CHG~0.00%

Published-10 May, 2023 | 07:38

Updated-19 Feb, 2025 | 21:31

WordPress Enhanced WP Contact Form Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joost de Valk Enhanced WP Contact Form plugin <= 2.2.3 versions.

Vendor-enhanced_wp_contact_form_project Joost de Valk

Product-enhanced_wp_contact_form Enhanced WP Contact Form

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-53464

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 17.66%

7 Day CHG~0.00%

Published-22 Sep, 2025 | 18:25

Updated-23 Sep, 2025 | 13:43

WordPress WP Mailto Links Plugin <= 3.1.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ironikus WP Mailto Links allows Stored XSS. This issue affects WP Mailto Links: from n/a through 3.1.4.

Vendor-Ironikus

Product-WP Mailto Links

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24406

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.41%

7 Day CHG~0.00%

Published-10 May, 2023 | 08:01

Updated-02 Aug, 2024 | 13:41

WordPress Simple Popup Images Plugin <= 1.8.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb ur Rehman Simple PopUp plugin <= 1.8.6 versions.

Vendor-simple_popup_project Muneeb ur Rehman

Product-simple_popup Simple PopUp

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23786

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 21.24%

7 Day CHG~0.00%

Published-10 May, 2023 | 07:19

Updated-09 Jan, 2025 | 15:21

WordPress affiliate-toolkit – WordPress Affiliate Plugin Plugin <= 3.3.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Christof Servit affiliate-toolkit plugin <= 3.3.3 versions.

Vendor-servit Christof Servit

Product-affiliate-toolkit affiliate-toolkit

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23819

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.63%

7 Day CHG~0.00%

Published-12 Jun, 2023 | 13:09

Updated-19 Feb, 2025 | 21:29

WordPress itemprop WP for SERP/SEO Rich snippets Plugin <= 3.5.201706131 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rolands Umbrovskis itemprop WP for SERP/SEO Rich snippets plugin <= 3.5.201706131 versions.

Vendor-itemprop_wp_for_serp\/seo_rich_snippets_project Rolands Umbrovskis

Product-itemprop_wp_for_serp\/seo_rich_snippets itemprop WP for SERP/SEO Rich snippets

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23995

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.57%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 19:20

Updated-09 Jan, 2025 | 15:33

WordPress TinyMCE Custom Styles Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim Reeves & David Stöckl TinyMCE Custom Styles plugin <= 1.1.2 versions.

Vendor-tinymce_custom_styles_project Tim Reeves & David Stöckl

Product-tinymce_custom_styles TinyMCE Custom Styles

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-47522

Credits

WordPress AWEOS WP Lock <= 1.4.8 - Cross Site Scripting (XSS) Vulnerability

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs