ByteOS Network

Vulnerability Details :

CVE-2025-48244

Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3

Published At-19 May, 2025 | 14:44

Updated At-19 May, 2025 | 15:19

WordPress Exclusive Addons Elementor <= 2.7.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim Strifler Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Patchstack

Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3

Published At:19 May, 2025 | 14:44

Updated At:19 May, 2025 | 15:19

▼CVE Numbering Authority (CNA)

WordPress Exclusive Addons Elementor <= 2.7.9 - Cross Site Scripting (XSS) Vulnerability

Affected Products

Vendor

Tim Strifler

Product

Exclusive Addons Elementor

Collection URL

https://wordpress.org/plugins

Package Name

exclusive-addons-for-elementor

Default Status

unaffected

Versions

Affected

From n/a through 2.7.9 (custom)
- -> unaffectedfrom2.7.9.1

Problem Types

Type	CWE ID	Description
CWE	CWE-79	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Type: CWE

CWE ID: CWE-79

Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Metrics

Version	Base score	Base severity	Vector
3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Impacts

CAPEC ID	Description
CAPEC-592	CAPEC-592 Stored XSS

CAPEC ID: CAPEC-592

Description: CAPEC-592 Stored XSS

Solutions

Update the WordPress Exclusive Addons Elementor plugin to the latest available version (at least 2.7.9.1).

Credits

finder

Nabil Irawan (Patchstack Alliance)

References

Hyperlink	Resource
https://patchstack.com/database/wordpress/plugin/exclusive-addons-for-elementor/vulnerability/wordpress-exclusive-addons-elementor-2-7-9-cross-site-scripting-xss-vulnerability?_s_id=cve	vdb-entry

Hyperlink: https://patchstack.com/database/wordpress/plugin/exclusive-addons-for-elementor/vulnerability/wordpress-exclusive-addons-elementor-2-7-9-cross-site-scripting-xss-vulnerability?_s_id=cve

Resource:

vdb-entry

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:audit@patchstack.com

Published At:19 May, 2025 | 15:15

Updated At:21 May, 2025 | 20:25

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	audit@patchstack.com

CWE ID: CWE-79

Type: Primary

Source: audit@patchstack.com

References

Hyperlink	Source	Resource
https://patchstack.com/database/wordpress/plugin/exclusive-addons-for-elementor/vulnerability/wordpress-exclusive-addons-elementor-2-7-9-cross-site-scripting-xss-vulnerability?_s_id=cve	audit@patchstack.com	N/A

Source: audit@patchstack.com

Resource: N/A

Similar CVEs

1073Records found

CVE-2023-33208

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 12:03

Updated-24 Sep, 2024 | 19:23

WordPress Cookie Monster Plugin <= 1.51 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gsmith Cookie Monster plugin <= 1.51 versions.

Vendor-cookie_monster_project gsmith

Product-cookie_monster Cookie Monster

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34183

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 13:07

Updated-24 Sep, 2024 | 19:22

WordPress Unite Gallery Lite Plugin <= 1.7.61 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Valiano Unite Gallery Lite plugin <= 1.7.61 versions.

Vendor-unitegallery Valiano

Product-unite_gallery_lite Unite Gallery Lite

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-33213

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-19 Jun, 2023 | 12:42

Updated-10 Oct, 2024 | 18:55

WordPress wpView Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVectors Display Custom Fields – wpView plugin <= 1.3.0 versions.

Vendor-gvectors gVectors

Product-wpview Display Custom Fields – wpView

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-33210

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 12:24

Updated-24 Sep, 2024 | 19:23

WordPress nuajik CDN Plugin <= 0.1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nuajik plugin <= 0.1.0 versions.

Vendor-nuajik nuajik

Product-nuajik-cdn nuajik

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34170

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 14:26

Updated-19 Feb, 2025 | 21:28

WordPress Quick/Bulk Order Form for WooCommerce Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Overnight Quick/Bulk Order Form for WooCommerce plugin <= 3.5.7 versions.

Vendor-wpovernight WP Overnight

Product-download_quick\/bulk_order_form_for_woocommerce Quick/Bulk Order Form for WooCommerce

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-33323

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.13%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 12:12

Updated-10 Oct, 2024 | 17:21

WordPress ARMember Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember plugin <= 4.0.2 versions.

Vendor-reputeinfosystems Repute InfoSystems

Product-armember ARMember

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32505

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 14.63%

7 Day CHG~0.00%

Published-23 Aug, 2023 | 14:22

Updated-25 Sep, 2024 | 14:37

WordPress Easy Hide Login Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Arshid Easy Hide Login plugin <= 1.0.7 versions.

Vendor-ciphercoin Arshid

Product-easy_hide_login Easy Hide Login

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32575

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 14.63%

7 Day CHG~0.00%

Published-25 Aug, 2023 | 10:28

Updated-24 Sep, 2024 | 19:25

WordPress Product page shipping calculator for WooCommerce Plugin <= 1.3.25 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.25 versions.

Vendor-PI Websolution WooCommerce

Product-woocommerce Product page shipping calculator for WooCommerce

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32584

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 14.63%

7 Day CHG~0.00%

Published-25 Aug, 2023 | 08:53

Updated-24 Sep, 2024 | 19:26

WordPress eBecas Plugin <= 3.1.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in John Newcombe eBecas plugin <= 3.1.3 versions.

Vendor-ebecas John Newcombe

Product-ebecas eBecas

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32591

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 14.63%

7 Day CHG~0.00%

Published-25 Aug, 2023 | 08:57

Updated-24 Sep, 2024 | 19:26

WordPress DBargain Plugin <= 3.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cloud Primero B.V DBargain plugin <= 3.0.0 versions.

Vendor-cloudprimero Cloud Primero B.V

Product-dbargain DBargain

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32496

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 14.63%

7 Day CHG~0.00%

Published-23 Aug, 2023 | 13:35

Updated-25 Sep, 2024 | 14:37

WordPress StopBadBots Plugin <= 7.31 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bill Minozzi Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin <= 7.31 versions.

Vendor-stopbadbots Bill Minozzi

Product-block_bad_bots_and_stop_bad_bots_crawlers_and_spiders_and_anti_spam_protection Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32515

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-18 May, 2023 | 09:55

Updated-09 Jan, 2025 | 15:14

WordPress Custom Field Suite Plugin <= 2.6.2.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matt Gibbs Custom Field Suite plugin <= 2.6.2.1 versions.

Vendor-custom_field_suite_project Matt Gibbs

Product-custom_field_suite Custom Field Suite

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32738

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-27 Oct, 2023 | 20:16

Updated-06 Sep, 2024 | 18:47

WordPress Eonet Manual User Approve Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alkaweb Eonet Manual User Approve plugin <= 2.1.3 versions.

Vendor-xtendify Alkaweb

Product-eonet_manual_user_approve Eonet Manual User Approve

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32498

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 14.63%

7 Day CHG~0.00%

Published-23 Aug, 2023 | 13:48

Updated-25 Sep, 2024 | 14:37

WordPress Easy Form by AYS Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Easy Form team Easy Form by AYS plugin <= 1.2.0 versions.

Vendor-AYS Pro Extensions

Product-easy_form Easy Form by AYS

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32595

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 16.40%

7 Day CHG~0.00%

Published-25 Aug, 2023 | 10:01

Updated-24 Sep, 2024 | 19:25

WordPress Sunny Search Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Palasthotel by Edward Bock, Katharina Rompf Sunny Search plugin <= 1.0.2 versions.

Vendor-palasthotel Palasthotel by Edward Bock, Katharina Rompf

Product-sunny_search Sunny Search

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32962

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 11:56

Updated-24 Sep, 2024 | 19:23

WordPress WishSuite Plugin <= 1.3.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in HasTheme WishSuite – Wishlist for WooCommerce plugin <= 1.3.4 versions.

Vendor-HasTech IT Limited (HasThemes)

Product-wishsuite WishSuite – Wishlist for WooCommerce

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32577

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 14.63%

7 Day CHG~0.00%

Published-25 Aug, 2023 | 08:46

Updated-24 Sep, 2024 | 19:26

WordPress DevBuddy Twitter Feed Plugin <= 4.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eji Osigwe DevBuddy Twitter Feed plugin <= 4.0.0 versions.

Vendor-devbuddy Eji Osigwe

Product-twitter_feed DevBuddy Twitter Feed

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32130

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-18 Aug, 2023 | 15:05

Updated-25 Sep, 2024 | 16:15

WordPress Multi Rating Plugin <= 5.0.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.6 versions.

Vendor-danielpowney Daniel Powney

Product-multi_rating Multi Rating

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32596

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 14.63%

7 Day CHG~0.00%

Published-25 Aug, 2023 | 10:19

Updated-24 Sep, 2024 | 19:25

WordPress weebotLite Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wolfgang Ertl weebotLite plugin <= 1.0.0 versions.

Vendor-wolfgangertl Wolfgang Ertl

Product-weebotlite weebotLite

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32958

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-28 May, 2023 | 17:04

Updated-10 Oct, 2024 | 17:31

WordPress Novelist Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nose Graze Novelist plugin <= 1.2.0 versions.

Vendor-nosegraze Nose Graze

Product-novelist Novelist

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32294

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 15:00

Updated-24 Sep, 2024 | 19:09

WordPress GDPR Cookie Consent Notice Box Plugin <= 1.1.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Radical Web Design GDPR Cookie Consent Notice Box plugin <= 1.1.6 versions.

Vendor-radicalwebdesign Radical Web Design

Product-gdpr_cookie_consent_notice_box GDPR Cookie Consent Notice Box

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30745

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-12 Jun, 2023 | 13:59

Updated-10 Oct, 2024 | 17:29

WordPress IP Metaboxes Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Phan Chuong IP Metaboxes plugin <= 2.1.1 versions.

Vendor-ip_metaboxes_project Phan Chuong

Product-ip_metaboxes IP Metaboxes

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30875

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-18 Aug, 2023 | 07:58

Updated-25 Sep, 2024 | 14:39

WordPress Logo Scheduler Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in All My Web Needs Logo Scheduler plugin <= 1.2.0 versions.

Vendor-allmywebneeds All My Web Needs

Product-logo_scheduler Logo Scheduler

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32582

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-03 Jun, 2023 | 11:04

Updated-10 Oct, 2024 | 18:56

WordPress Don8 Plugin <= 0.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kyle Maurer Don8 plugin <= 0.4 versions.

Vendor-don8_project Kyle Maurer

Product-don8 Don8

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-31236

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-12 Jun, 2023 | 14:47

Updated-10 Oct, 2024 | 17:28

WordPress Scripts n Styles Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in unFocus Projects Scripts n Styles plugin <= 3.5.7 versions.

Vendor-unfocus unFocus Projects

Product-scripts_n_styles Scripts n Styles

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-31232

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-18 Aug, 2023 | 13:11

Updated-25 Sep, 2024 | 14:39

WordPress Plugins List Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Artiss Plugins List plugin <= 2.5 versions.

Vendor-artiss David Artiss

Product-plugins_list Plugins List

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32580

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-23 Jun, 2023 | 12:05

Updated-10 Oct, 2024 | 17:13

WordPress Password Protected Plugin <= 2.6.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPExperts Password Protected plugin <= 2.6.2 versions.

Vendor-wpexperts WPExperts

Product-password_protected Password Protected

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30786

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-16 Aug, 2023 | 09:38

Updated-25 Sep, 2024 | 15:02

WordPress Captcha Them All Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Benjamin Guy Captcha Them All plugin <= 1.3.3 versions.

Vendor-fuzzguard Benjamin Guy

Product-captcha_them_all Captcha Them All

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30749

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-14 Aug, 2023 | 14:17

Updated-25 Sep, 2024 | 16:46

WordPress Optima Express + MarketBoost IDX Plugin Plugin <= 7.3.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ihomefinder Optima Express + MarketBoost IDX Plugin plugin <= 7.3.0 versions.

Vendor-ihomefinder ihomefinder

Product-optima_express_\+_marketboost_idx Optima Express + MarketBoost IDX Plugin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30874

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.73%

7 Day CHG~0.00%

Published-17 Aug, 2023 | 08:25

Updated-25 Sep, 2024 | 16:43

WordPress GPS Plotter Plugin <= 5.1.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Steve Curtis, St. Pete Design Gps Plotter plugin <= 5.1.4 versions.

Vendor-stpetedesign Steve Curtis, St. Pete Design

Product-gps_plotter Gps Plotter

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-31091

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-17 Aug, 2023 | 10:46

Updated-25 Sep, 2024 | 16:42

WordPress Dynamically Register Sidebars Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pradeep Singh Dynamically Register Sidebars plugin <= 1.0.1 versions.

Vendor-pradeepsinghweb Pradeep Singh

Product-dynamically_register_sidebars Dynamically Register Sidebars

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30746

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.73%

7 Day CHG~0.00%

Published-10 May, 2023 | 08:24

Updated-09 Jan, 2025 | 15:20

WordPress Booqable Rental Plugin Plugin <= 2.4.15 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Booqable Rental Software Booqable Rental plugin <= 2.4.15 versions.

Vendor-booqable Booqable Rental Software

Product-rental_software_booqable_rental Booqable Rental Plugin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32116

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-26 Oct, 2023 | 12:15

Updated-06 Sep, 2024 | 18:44

WordPress Custom post types Plugin <= 4.0.12 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in TotalPress.Org Custom post types, Custom Fields & more plugin <= 4.0.12 versions.

Vendor-totalpress TotalPress.org

Product-custom_post_types Custom post types, Custom Fields & more

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30751

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-14 Aug, 2023 | 14:39

Updated-25 Sep, 2024 | 16:46

WordPress Article Directory Redux Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in iControlWP Article Directory Redux plugin <= 1.0.2 versions.

Vendor-icontrolwp iControlWP

Product-article_directory_redux Article Directory Redux

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-31228

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-18 Aug, 2023 | 12:57

Updated-25 Sep, 2024 | 14:39

WordPress CM On Demand Search And Replace Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions.

Vendor-cminds CreativeMindsSolutions

Product-cm_on_demand_search_and_replace CM On Demand Search And Replace

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-31233

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-18 May, 2023 | 09:30

Updated-09 Jan, 2025 | 15:14

WordPress Baidu Tongji generator Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Haoqisir Baidu Tongji generator plugin <= 1.0.2 versions.

Vendor-baidu_tongji_generator_project Haoqisir

Product-baidu_tongji_generator Baidu Tongji generator

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32957

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.14% / 33.95%

7 Day CHG~0.00%

Published-16 Nov, 2023 | 19:52

Updated-02 Aug, 2024 | 15:32

WordPress Team Members Showcase Plugin <= 1.3.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dazzlersoft Team Members Showcase plugin <= 1.3.4 versions.

Vendor-dazzlersoft Dazzlersoft

Product-team_members_showcase Team Members Showcase

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-31221

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 12:46

Updated-25 Sep, 2024 | 16:47

WordPress PDQ CSV Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ransom Christofferson PDQ CSV plugin <= 1.0.0 versions.

Vendor-ransomchristofferson Ransom Christofferson

Product-pdq_csv PDQ CSV

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32292

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.73%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 12:55

Updated-25 Sep, 2024 | 16:47

WordPress Chat Button Plugin <= 1.8.9.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GetButton Chat Button by GetButton.Io plugin <= 1.8.9.4 versions.

Vendor-getbutton GetButton

Product-chat_button Chat Button by GetButton.io

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-30477

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-14 Aug, 2023 | 13:57

Updated-25 Sep, 2024 | 16:43

WordPress AFFILIATE Solution Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Essitco AFFILIATE Solution plugin <= 1.0 versions.

Vendor-essitco Essitco

Product-affiliate_solution AFFILIATE Solution

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-39562

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.52%

7 Day CHG~0.00%

Published-17 Apr, 2025 | 15:46

Updated-17 Apr, 2025 | 20:21

WordPress Payment Form for PayPal Pro <= 1.1.72 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Payment Form for PayPal Pro allows Stored XSS. This issue affects Payment Form for PayPal Pro: from n/a through 1.1.72.

Vendor-CodePeople

Product-Payment Form for PayPal Pro

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-29434

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-26 Jun, 2023 | 10:08

Updated-02 Aug, 2024 | 14:07

WordPress Optin Forms Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in FancyThemes Optin Forms – Simple List Building Plugin for WordPress plugin <= 1.3.1 versions.

Vendor-fancythemes FancyThemes

Product-optin_forms Optin Forms – Simple List Building Plugin for WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-29438

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-26 Jun, 2023 | 12:04

Updated-10 Oct, 2024 | 17:09

WordPress SimpleModal Contact Form (SMCF) Plugin <= 1.2.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Martin SimpleModal Contact Form (SMCF) plugin <= 1.2.9 versions.

Vendor-simplemodal_contact_form_project Eric Martin

Product-simplemodal_contact_form SimpleModal Contact Form (SMCF)

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-29423

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-26 Jun, 2023 | 07:13

Updated-10 Oct, 2024 | 17:11

WordPress Cancel order request WooCommerce Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Cancel order request / Return order / Repeat Order / Reorder for WooCommerce plugin <= 1.3.2 versions.

Vendor-piwebsolution PI Websolution

Product-cancel_order_request_\/_return_order_\/_repeat_order_\/_reorder_for_woocommerce Cancel order request / Return order / Repeat Order / Reorder for WooCommerce

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28169

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-08 May, 2023 | 12:22

Updated-09 Jan, 2025 | 15:25

WordPress Easy Event calendar Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CoreFortress Easy Event calendar plugin <= 1.0 versions.

Vendor-easy_event_calendar_project CoreFortress

Product-easy_event_calendar Easy Event calendar

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28692

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 15:27

Updated-19 Feb, 2025 | 21:25

WordPress WP Abstracts Plugin <= 2.6.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.3 versions.

Vendor-kevonadonis Kevon Adonis

Product-wp_abstracts WP Abstracts

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28783

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.04% / 12.10%

7 Day CHG~0.00%

Published-17 Aug, 2023 | 14:50

Updated-25 Sep, 2024 | 14:48

WordPress Woocommerce Tip/Donation Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (shop manager+) Stored Cross-Site Scripting (XSS) vulnerability in PHPRADAR Woocommerce Tip/Donation plugin <= 1.2 versions.

Vendor-phpradar PHPRADAR

Product-woocommerce_tip\/donation Woocommerce Tip/Donation

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28423

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 08:09

Updated-10 Oct, 2024 | 17:26

WordPress Modern Footnotes Plugin <= 1.4.15 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prism Tech Studios Modern Footnotes plugin <= 1.4.15 versions.

Vendor-prismtechstudios Prism Tech Studios

Product-modern_footnotes Modern Footnotes

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28932

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-10 May, 2023 | 07:07

Updated-25 Feb, 2025 | 20:38

WordPress WPMobile.App Plugin <= 11.20 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMobile.App WPMobile.App — Android and iOS Mobile Application plugin <= 11.20 versions.

Vendor-amauri WPMobile.App

Product-wpmobile.app WPMobile.App — Android and iOS Mobile Application

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28174

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.13%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 11:59

Updated-10 Oct, 2024 | 17:22

WordPress eRocket Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in eLightUp eRocket plugin <= 1.2.4 versions.

Vendor-elightup eLightUp

Product-erocket eRocket

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-48244

Credits

WordPress Exclusive Addons Elementor <= 2.7.9 - Cross Site Scripting (XSS) Vulnerability

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs