ByteOS Network

Vulnerability Details :

CVE-2025-47522

Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3

Published At-07 May, 2025 | 14:20

Updated At-07 May, 2025 | 18:19

WordPress AWEOS WP Lock <= 1.4.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AWEOS GmbH AWEOS WP Lock allows Stored XSS. This issue affects AWEOS WP Lock: from n/a through 1.4.8.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Patchstack

Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3

Published At:07 May, 2025 | 14:20

Updated At:07 May, 2025 | 18:19

▼CVE Numbering Authority (CNA)

WordPress AWEOS WP Lock <= 1.4.8 - Cross Site Scripting (XSS) Vulnerability

Affected Products

Vendor

AWEOS GmbH

Product

AWEOS WP Lock

Collection URL

https://wordpress.org/plugins

Package Name

aweos-wp-lock

Default Status

unaffected

Versions

Affected

From n/a through 1.4.8 (custom)
- -> unaffectedfrom1.4.9

Problem Types

Type	CWE ID	Description
CWE	CWE-79	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Type: CWE

CWE ID: CWE-79

Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Metrics

Version	Base score	Base severity	Vector
3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Impacts

CAPEC ID	Description
CAPEC-592	CAPEC-592 Stored XSS

CAPEC ID: CAPEC-592

Description: CAPEC-592 Stored XSS

Solutions

Update the WordPress AWEOS WP Lock plugin to the latest available version (at least 1.4.9).

Credits

finder

Nabil Irawan (Patchstack Alliance)

References

Hyperlink	Resource
https://patchstack.com/database/wordpress/plugin/aweos-wp-lock/vulnerability/wordpress-aweos-wp-lock-1-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve	vdb-entry

Hyperlink: https://patchstack.com/database/wordpress/plugin/aweos-wp-lock/vulnerability/wordpress-aweos-wp-lock-1-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve

Resource:

vdb-entry

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:audit@patchstack.com

Published At:07 May, 2025 | 15:16

Updated At:08 May, 2025 | 14:39

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	audit@patchstack.com

CWE ID: CWE-79

Type: Primary

Source: audit@patchstack.com

References

Hyperlink	Source	Resource
https://patchstack.com/database/wordpress/plugin/aweos-wp-lock/vulnerability/wordpress-aweos-wp-lock-1-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve	audit@patchstack.com	N/A

Hyperlink: https://patchstack.com/database/wordpress/plugin/aweos-wp-lock/vulnerability/wordpress-aweos-wp-lock-1-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve

Source: audit@patchstack.com

Resource: N/A

Similar CVEs

1204Records found

CVE-2023-28932

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.40%

7 Day CHG~0.00%

Published-10 May, 2023 | 07:07

Updated-25 Feb, 2025 | 20:38

WordPress WPMobile.App Plugin <= 11.20 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMobile.App WPMobile.App — Android and iOS Mobile Application plugin <= 11.20 versions.

Vendor-amauri WPMobile.App

Product-wpmobile.app WPMobile.App — Android and iOS Mobile Application

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27624

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.60% / 68.93%

7 Day CHG~0.00%

Published-13 Jun, 2023 | 15:04

Updated-10 Oct, 2024 | 18:56

WordPress Redirect After Login Plugin <= 0.1.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcelotorres Redirect After Login plugin <= 0.1.9 versions.

Vendor-redirect_after_login_project Marcelotorres

Product-redirect_after_login Redirect After Login

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27614

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-23 Apr, 2023 | 10:54

Updated-09 Jan, 2025 | 15:37

WordPress Motor Racing League Plugin <= 1.9.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Ian Haycox Motor Racing League plugin <= 1.9.9 versions.

Vendor-motor_racing_league_project Ian Haycox

Product-motor_racing_league Motor Racing League

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27621

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 17.96%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 15:58

Updated-24 Sep, 2024 | 19:08

WordPress Livestream Notice Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MrDemonWolf Livestream Notice plugin <= 1.2.0 versions.

Vendor-mrdemonwolf MrDemonWolf

Product-livestream_notice Livestream Notice

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27622

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.12% / 30.44%

7 Day CHG~0.00%

Published-27 Sep, 2023 | 07:53

Updated-23 Sep, 2024 | 12:51

WordPress GuruWalk Affiliates Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abel Ruiz GuruWalk Affiliates plugin <= 1.0.0 versions.

Vendor-guruwalk Abel Ruiz

Product-guruwalk_affiliates GuruWalk Affiliates

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28169

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.40%

7 Day CHG~0.00%

Published-08 May, 2023 | 12:22

Updated-09 Jan, 2025 | 15:25

WordPress Easy Event calendar Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CoreFortress Easy Event calendar plugin <= 1.0 versions.

Vendor-easy_event_calendar_project CoreFortress

Product-easy_event_calendar Easy Event calendar

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27609

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.12% / 30.44%

7 Day CHG~0.00%

Published-19 Nov, 2024 | 21:56

Updated-25 Nov, 2024 | 14:59

WordPress WP Roles at Registration plugin <= 0.23 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NetTantra WP Roles at Registration allows Stored XSS.This issue affects WP Roles at Registration: from n/a through 0.23.

Vendor-hyscaler NetTantra

Product-wp_roles_at_registration WP Roles at Registration

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28496

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 08:24

Updated-10 Oct, 2024 | 17:25

WordPress SMTP2GO Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SMTP2GO – Email Made Easy plugin <= 1.4.2 versions.

Vendor-smtp2go SMTP2GO

Product-smtp2go SMTP2GO – Email Made Easy

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28423

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 08:09

Updated-10 Oct, 2024 | 17:26

WordPress Modern Footnotes Plugin <= 1.4.15 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prism Tech Studios Modern Footnotes plugin <= 1.4.15 versions.

Vendor-prismtechstudios Prism Tech Studios

Product-modern_footnotes Modern Footnotes

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27617

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.12% / 30.44%

7 Day CHG~0.00%

Published-27 Sep, 2023 | 05:22

Updated-02 Aug, 2024 | 13:39

WordPress RSVPMarker Plugin <= 10.6.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions.

Vendor-carrcommunications David F. Carr

Product-rsvpmaker RSVPMaker

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28622

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 14.43%

7 Day CHG~0.00%

Published-17 Aug, 2023 | 08:00

Updated-25 Sep, 2024 | 16:43

WordPress Easy Slider Revolution Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Trident Technolabs Easy Slider Revolution plugin <= 1.0.0 versions.

Vendor-tridenttechnolabs Trident Technolabs

Product-easy_slider_revolution Easy Slider Revolution

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28174

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 20.52%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 11:59

Updated-10 Oct, 2024 | 17:22

WordPress eRocket Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in eLightUp eRocket plugin <= 1.2.4 versions.

Vendor-elightup eLightUp

Product-erocket eRocket

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27618

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 08:33

Updated-02 Aug, 2024 | 12:16

WordPress Store Locator WordPress Plugin <= 1.4.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in AGILELOGIX Store Locator WordPress plugin <= 1.4.9 versions.

Vendor-Agile Logix

Product-store_locator Store Locator WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28415

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 17.96%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 15:31

Updated-02 Aug, 2024 | 13:39

WordPress Side Cart Woocommerce (Ajax) Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XootiX Side Cart Woocommerce (Ajax) plugin <= 2.2 versions.

Vendor-xootix XootiX

Product-side_cart_woocommerce Side Cart Woocommerce (Ajax)

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28620

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-13 Jun, 2023 | 14:28

Updated-10 Oct, 2024 | 18:56

WordPress Cyberus Key Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cyberus Labs Cyberus Key plugin <= 1.0 versions.

Vendor-cyberuslabs Cyberus Labs

Product-cyberus_key Cyberus Key

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27422

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 10:15

Updated-25 Sep, 2024 | 16:51

WordPress NS Coupon to Become Customer Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsThemes NS Coupon To Become Customer plugin <= 1.2.2 versions.

Vendor-nsthemes NsThemes

Product-ns_coupon_to_become_customer NS Coupon To Become Customer

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27426

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 17.96%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 12:57

Updated-24 Sep, 2024 | 19:22

WordPress NotifyVisitors Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Notifyvisitors NotifyVisitors plugin <= 1.0 versions.

Vendor-notifyvisitors Notifyvisitors

Product-notifyvisitors NotifyVisitors

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26537

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-16 Jun, 2023 | 11:13

Updated-19 Feb, 2025 | 21:29

WordPress WP No External Links Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nicolly WP No External Links plugin <= 1.0.2 versions.

Vendor-wp_no_external_links_project nicolly

Product-wp_no_external_links WP No External Links

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27439

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-21 Jun, 2023 | 12:57

Updated-10 Oct, 2024 | 18:12

WordPress New Adman Plugin <= 1.6.8 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gl_SPICE New Adman plugin <= 1.6.8 versions.

Vendor-new_adman_project gl_SPICE

Product-new_adman New Adman

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27416

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 10:25

Updated-19 Feb, 2025 | 21:27

WordPress Decon WP SMS Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Decon Digital Decon WP SMS plugin <= 1.1 versions.

Vendor-decondigital Decon Digital

Product-decon_wp_sms Decon WP SMS

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26519

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.40%

7 Day CHG~0.00%

Published-06 May, 2023 | 06:53

Updated-09 Jan, 2025 | 15:26

WordPress Publish to Schedule Plugin <= 4.5.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Benfica Publish to Schedule plugin <= 4.5.4 versions.

Vendor-Alex Benfica

Product-publish_to_schedule Publish to Schedule

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27452

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 11:59

Updated-10 Oct, 2024 | 17:22

WordPress Button Generator – easily Button Builder Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wow-Company Button Generator – easily Button Builder plugin <= 2.3.3 versions.

Vendor-wow-estore Wow-Company

Product-button_generator_-_easily_button_builder Button Generator – easily Button Builder

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26538

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-13 Jun, 2023 | 14:12

Updated-01 Nov, 2024 | 14:02

WordPress Chat Bee Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kamyabsoft Chat Bee plugin <= 1.1.0 versions.

Vendor-chat_bee_project Kamyabsoft

Product-chat_bee Chat Bee

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26539

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 20.52%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 11:50

Updated-10 Oct, 2024 | 17:22

WordPress Advanced Text Widget Plugin <= 2.1.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Chirkov Advanced Text Widget plugin <= 2.1.2 versions.

Vendor-advanced_text_widget_project Max Chirkov

Product-advanced_text_widget Advanced Text Widget

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27427

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-23 Jun, 2023 | 12:21

Updated-10 Oct, 2024 | 17:12

WordPress CRM Memberships Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NTZApps CRM Memberships plugin <= 1.6 versions.

Vendor-ntzapps NTZApps

Product-crm_memberships CRM Memberships

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26517

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.40%

7 Day CHG~0.00%

Published-06 May, 2023 | 06:59

Updated-09 Jan, 2025 | 15:26

WordPress Dashboard Widgets Suite Plugin <= 3.2.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeff Starr Dashboard Widgets Suite plugin <= 3.2.1 versions.

Vendor-plugin-planet Jeff Starr

Product-dashboard_widget_suite Dashboard Widgets Suite

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26527

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-16 Jun, 2023 | 11:02

Updated-10 Oct, 2024 | 18:55

WordPress Debug Assistant Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPIndeed Debug Assistant plugin <= 1.4 versions.

Vendor-wpindeed WPIndeed

Product-debug_assistant Debug Assistant

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27415

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 11:53

Updated-25 Sep, 2024 | 16:51

WordPress LetterPress Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themeqx LetterPress plugin <= 1.1.2 versions.

Vendor-themeqx Themeqx

Product-letterpress LetterPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26529

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-03 Apr, 2023 | 12:30

Updated-10 Jan, 2025 | 19:12

WordPress DupeOff Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DupeOff.Com DupeOff plugin <= 1.6 versions.

Vendor-dupeoff_project DupeOff.com

Product-dupeoff DupeOff

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27425

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-23 Apr, 2023 | 10:47

Updated-02 Aug, 2024 | 13:44

WordPress Electric Studio Client Login Plugin <= 0.8.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in James Irving-Swift Electric Studio Client Login plugin <= 0.8.1 versions.

Vendor-electric_studio_client_login_project James Irving-Swift

Product-electric_studio_client_login Electric Studio Client Login

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27429

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-21 Jun, 2023 | 13:19

Updated-10 Oct, 2024 | 17:41

WordPress Jetpack CRM Plugin <= 5.4.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Automattic - Jetpack CRM team Jetpack CRM plugin <= 5.4.4 versions.

Vendor-Automattic Inc.

Product-jetpack_crm Jetpack CRM

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26541

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-16 Jun, 2023 | 08:56

Updated-10 Oct, 2024 | 18:55

WordPress asMember Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alexander Suess asMember plugin <= 1.5.4 versions.

Vendor-asmember_project Alexander Suess

Product-asmember asMember

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26515

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-16 Jun, 2023 | 10:41

Updated-10 Oct, 2024 | 18:55

WordPress Simple Slug Translate Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ko Takagi Simple Slug Translate plugin <= 2.7.2 versions.

Vendor-simple_slug_translate_project Ko Takagi

Product-simple_slug_translate Simple Slug Translate

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25464

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 12:03

Updated-10 Jan, 2025 | 18:57

WordPress Twitch Player Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StreamWeasels Twitch Player plugin <= 2.1.0 versions.

Vendor-streamweasels StreamWeasels

Product-twitch_player Twitch Player

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25451

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-23 Apr, 2023 | 10:41

Updated-10 Jan, 2025 | 18:44

WordPress CPO Content Types Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill CPO Content Types plugin <= 1.1.0 versions.

Vendor-wpchill WPChill

Product-cpo_content_types CPO Content Types

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25712

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 12:29

Updated-19 Feb, 2025 | 21:34

WordPress Opt-Out for Google Analytics Plugin <= 2.3.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-Buddy Google Analytics Opt-Out plugin <= 2.3.4 versions.

Vendor-wp-buddy WP-Buddy

Product-google_analytics_opt-out Google Analytics Opt-Out

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25462

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 17.96%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 12:18

Updated-19 Feb, 2025 | 21:25

WordPress WP htaccess Control Plugin <= 3.5.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP htaccess Control plugin <= 3.5.1 versions.

Vendor-antonioandrade

Product-wp_htaccess_control WP htaccess Control

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25796

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-03 May, 2023 | 11:08

Updated-19 Feb, 2025 | 21:32

WordPress WP BaiDu Submit Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Include WP BaiDu Submit plugin <= 1.2.1 versions.

Vendor-wp_baidu_submit_project Include

Product-wp_baidu_submit WP BaiDu Submit

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25716

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 11:58

Updated-02 Aug, 2024 | 13:44

WordPress Announce from the Dashboard Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS)

Auth (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gqevu6bsiz Announce from the Dashboard plugin <= 1.5.1 versions.

Vendor-announce_from_the_dashboard_project gqevu6bsiz

Product-announce_from_the_dashboard Announce from the Dashboard

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25461

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 19:13

Updated-09 Jan, 2025 | 15:33

WordPress Wp-Insert Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in namithjawahar Wp-Insert plugin <= 2.5.0 versions.

Vendor-smartlogix namithjawahar

Product-wp-insert Wp-Insert

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25972

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-15 Jun, 2023 | 12:28

Updated-02 Aug, 2024 | 11:39

WordPress Старт Plugin <= 3.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in IKSWEB WordPress Старт plugin <= 3.7 versions.

Vendor-iksweb IKSWEB

Product-wordpress_ctapt WordPress Старт

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25479

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 12:00

Updated-09 Jan, 2025 | 15:34

WordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions.

Vendor-podlove Podlove

Product-podlove_subscribe_button Podlove Subscribe button

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-51370

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 17.96%

7 Day CHG~0.00%

Published-12 Feb, 2024 | 06:46

Updated-02 Aug, 2024 | 22:32

WordPress WP Chat App Plugin <= 3.4.4 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NinjaTeam WP Chat App allows Stored XSS.This issue affects WP Chat App: from n/a through 3.4.4.

Vendor-NinjaTeam

Product-WP Chat App

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25794

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-20 Mar, 2023 | 10:33

Updated-13 Jan, 2025 | 15:50

WordPress Nooz Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mighty Digital Nooz plugin <= 1.6.0 versions.

Vendor-nooz_project Mighty Digital

Product-nooz Nooz

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26008

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-23 Mar, 2023 | 16:48

Updated-19 Feb, 2025 | 21:37

WordPress Top 10 Plugin <= 3.2.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay D'Souza Top 10 – Popular posts plugin for WordPress plugin <= 3.2.4 versions.

Vendor-Ajay D'Souza

Product-top_10_-_popular_posts Top 10 – Popular posts plugin for WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25485

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 18:33

Updated-09 Jan, 2025 | 15:34

WordPress JSON Content Importer Plugin <= 1.3.15 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bernhard Kux JSON Content Importer plugin <= 1.3.15 versions.

Vendor-json-content-importer Bernhard Kux

Product-json_content_importer JSON Content Importer

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25793

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.09% / 24.95%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 18:40

Updated-09 Jan, 2025 | 15:33

WordPress Link Juice Keeper Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in George Pattihis Link Juice Keeper plugin <= 2.0.2 versions.

Vendor-link_juice_keeper_project George Pattihis

Product-link_juice_keeper Link Juice Keeper

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25977

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-04 May, 2023 | 19:36

Updated-09 Jan, 2025 | 15:27

WordPress CPT – Speakers Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 9seeds.Com CPT – Speakers plugin <= 1.1 versions.

Vendor-9seeds 9seeds.com

Product-cpt_-_speakers CPT – Speakers

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25452

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.40%

7 Day CHG~0.00%

Published-08 May, 2023 | 12:18

Updated-09 Jan, 2025 | 15:25

WordPress CMS Press Plugin <= 0.2.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Pretty (prettyboymp) CMS Press plugin <= 0.2.3 versions.

Vendor-cms_press_project Michael Pretty (prettyboymp)

Product-cms_press CMS Press

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26000

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.04% / 11.48%

7 Day CHG~0.00%

Published-06 Jun, 2025 | 12:54

Updated-06 Jun, 2025 | 14:51

WordPress Bang tinh vay <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hanhdo205 Bang tinh vay allows Stored XSS. This issue affects Bang tinh vay: from n/a through 1.0.1.

Vendor-hanhdo205

Product-Bang tinh vay

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-47522

Credits

WordPress AWEOS WP Lock <= 1.4.8 - Cross Site Scripting (XSS) Vulnerability

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs