ByteOS Network

Vulnerability Details :

CVE-2025-48276

Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3

Published At-19 May, 2025 | 14:45

Updated At-19 May, 2025 | 15:16

WordPress Visual Composer Website Builder <= 45.11.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder allows Stored XSS. This issue affects Visual Composer Website Builder: from n/a through 45.11.0.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Patchstack

Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3

Published At:19 May, 2025 | 14:45

Updated At:19 May, 2025 | 15:16

▼CVE Numbering Authority (CNA)

WordPress Visual Composer Website Builder <= 45.11.0 - Cross Site Scripting (XSS) Vulnerability

Affected Products

Vendor

Visual Composer

Product

Visual Composer Website Builder

Collection URL

https://wordpress.org/plugins

Package Name

visualcomposer

Default Status

unaffected

Versions

Affected

From n/a through 45.11.0 (custom)
- -> unaffectedfrom45.12.0

Problem Types

Type	CWE ID	Description
CWE	CWE-79	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Type: CWE

CWE ID: CWE-79

Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Metrics

Version	Base score	Base severity	Vector
3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Impacts

CAPEC ID	Description
CAPEC-592	CAPEC-592 Stored XSS

CAPEC ID: CAPEC-592

Description: CAPEC-592 Stored XSS

Solutions

Update the WordPress Visual Composer Website Builder plugin to the latest available version (at least 45.12.0).

Credits

finder

muhammad yudha (Patchstack Alliance)

References

Hyperlink	Resource
https://patchstack.com/database/wordpress/plugin/visualcomposer/vulnerability/wordpress-visual-composer-website-builder-45-11-0-cross-site-scripting-xss-vulnerability?_s_id=cve	vdb-entry

Hyperlink: https://patchstack.com/database/wordpress/plugin/visualcomposer/vulnerability/wordpress-visual-composer-website-builder-45-11-0-cross-site-scripting-xss-vulnerability?_s_id=cve

Resource:

vdb-entry

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:audit@patchstack.com

Published At:19 May, 2025 | 15:15

Updated At:21 May, 2025 | 20:25

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	audit@patchstack.com

CWE ID: CWE-79

Type: Primary

Source: audit@patchstack.com

References

Hyperlink	Source	Resource
https://patchstack.com/database/wordpress/plugin/visualcomposer/vulnerability/wordpress-visual-composer-website-builder-45-11-0-cross-site-scripting-xss-vulnerability?_s_id=cve	audit@patchstack.com	N/A

Hyperlink: https://patchstack.com/database/wordpress/plugin/visualcomposer/vulnerability/wordpress-visual-composer-website-builder-45-11-0-cross-site-scripting-xss-vulnerability?_s_id=cve

Source: audit@patchstack.com

Resource: N/A

Similar CVEs

2142Records found

CVE-2024-35765

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 28.85%

7 Day CHG~0.00%

Published-19 Jun, 2024 | 10:17

Updated-09 Jun, 2025 | 20:17

WordPress Greenshift – animation and page builder blocks plugin <= 8.8.9.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Stored XSS.This issue affects Greenshift – animation and page builder blocks: from n/a through 8.8.9.1.

Vendor-wpsoul Wpsoul

Product-greenshift Greenshift – animation and page builder blocks

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-35699

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 29.17%

7 Day CHG~0.00%

Published-08 Jun, 2024 | 14:17

Updated-29 Aug, 2024 | 17:09

WordPress HT Feed plugin <= 1.2.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HasThemes HT Feed allows Stored XSS.This issue affects HT Feed: from n/a through 1.2.8.

Vendor-HasTech IT Limited (HasThemes)

Product-ht_feed HT Feed ht_feed

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34687

Matching Score-4

Assigner-SAP SE

View Details

Matching Score-4

Assigner-SAP SE

CVSS Score-6.5||MEDIUM

EPSS-0.09% / 26.28%

7 Day CHG~0.00%

Published-14 May, 2024 | 03:56

Updated-02 Aug, 2024 | 02:59

Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application server for ABAP and ABAP Platform

SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data, including accessing or deleting files, or stealing session cookies which an attacker could use to hijack a user’s session. Hence, this could have impact on Confidentiality, Integrity and Availability of the system.

Vendor-SAP SE

Product-SAP NetWeaver Application server for ABAP and ABAP Platform sap_netweaver_application_server_for_abap_and_abap_platform

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34436

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.13% / 33.65%

7 Day CHG~0.00%

Published-09 May, 2024 | 11:05

Updated-02 Aug, 2024 | 02:51

WordPress SKT Addons for Elementor plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS.This issue affects SKT Addons for Elementor: from n/a through 1.8.

Vendor-Sonl Sinha (SKT Web Themes LLC)

Product-SKT Addons for Elementor

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28534

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 08:28

Updated-19 Feb, 2025 | 21:29

WordPress WP Job Portal Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Job Portal WP Job Portal – A Complete Job Board plugin <= 2.0.0 versions.

Vendor-WP Job Portal

Product-wp_job_portal WP Job Portal – A Complete Job Board

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34432

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.13% / 33.65%

7 Day CHG~0.00%

Published-09 May, 2024 | 11:06

Updated-02 Aug, 2024 | 02:51

WordPress Better Elementor Addons plugin <= 1.4.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BetterAddons Better Elementor Addons better-elementor-addons allows Stored XSS.This issue affects Better Elementor Addons: from n/a through 1.4.4.

Vendor-BetterAddons

Product-Better Elementor Addons

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34795

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 29.17%

7 Day CHG~0.00%

Published-03 Jun, 2024 | 10:44

Updated-07 Mar, 2025 | 11:54

WordPress Tainacan plugin <= 0.21.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tainacan.Org Tainacan allows Stored XSS.This issue affects Tainacan: from n/a through 0.21.3.

Vendor-tainacan Tainacan.org

Product-tainacan Tainacan

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34548

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.24% / 47.37%

7 Day CHG~0.00%

Published-08 May, 2024 | 11:29

Updated-02 Aug, 2024 | 02:59

WordPress All-in-One Addons for Elementor – WidgetKit plugin <= 2.4.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesgrove WidgetKit allows Stored XSS.This issue affects WidgetKit: from n/a through 2.4.8.

Vendor-Themesgrove

Product-WidgetKit

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34769

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.11% / 30.80%

7 Day CHG~0.00%

Published-03 Jun, 2024 | 11:15

Updated-02 Aug, 2024 | 02:59

WordPress Elegant Blocks – Amazing Gutenberg Blocks plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in cyclonetheme Elegant Blocks allows Stored XSS.This issue affects Elegant Blocks: from n/a through 1.7.

Vendor-cyclonetheme

Product-Elegant Blocks

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34757

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.21% / 43.67%

7 Day CHG~0.00%

Published-17 May, 2024 | 05:59

Updated-10 Apr, 2025 | 20:51

WordPress Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Visualmodo Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg allows Stored XSS.This issue affects Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg: from n/a through 1.5.3.

Vendor-visualmodo Visualmodo visualmodo

Product-borderless Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg borderless

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26771

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-6.5||MEDIUM

EPSS-0.15% / 36.20%

7 Day CHG~0.00%

Published-04 Oct, 2024 | 00:00

Updated-27 May, 2025 | 19:26

Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading a SVG profile picture with a XSS payload on it. An authenticated attacker can exploit this vulnerability by uploading a malicious picture which will trigger the payload when the victim opens the file.

Vendor-taskcafe_project n/a taskcafe_project

Product-taskcafe n/a taskcafe

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27631

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 07:29

Updated-10 Oct, 2024 | 17:38

WordPress Daily Prayer Time Plugin <= 2023.05.04 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.05.04 versions.

Vendor-mmrs151 mmrs151

Product-daily_prayer_time Daily Prayer Time

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27443

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-21 Jun, 2023 | 12:42

Updated-02 Aug, 2024 | 13:40

WordPress Simple Vimeo Shortcode Plugin <= 2.9.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Grant Kimball Simple Vimeo Shortcode plugin <= 2.9.1 versions.

Vendor-simple_vimeo_shortcode_project Grant Kimball

Product-simple_vimeo_shortcode Simple Vimeo Shortcode

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34390

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.13% / 33.45%

7 Day CHG~0.00%

Published-06 May, 2024 | 18:21

Updated-09 Jun, 2025 | 20:52

WordPress Post Grid Master plugin <= 3.4.8 - Auth. Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Stored XSS.This issue affects Post Grid Master: from n/a through 3.4.8.

Vendor-AddonMaster (Akhtarujjaman Shuvo)

Product-post_grid_master Post Grid Master

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34547

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.21% / 43.67%

7 Day CHG~0.00%

Published-08 May, 2024 | 11:31

Updated-28 Jan, 2025 | 03:28

WordPress Magical Addons For Elementor plugin <= 1.1.34 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through 1.1.34.

Vendor-wpthemespace Noor alam

Product-magical_addons_for_elementor Magical Addons For Elementor

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27628

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.15% / 36.88%

7 Day CHG~0.00%

Published-27 Sep, 2023 | 07:49

Updated-23 Sep, 2024 | 12:51

WordPress Sitekit Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Webvitaly Sitekit plugin <= 1.3 versions.

Vendor-sitekit_project Webvitaly

Product-sitekit Sitekit

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34562

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.21% / 43.67%

7 Day CHG~0.00%

Published-08 May, 2024 | 11:08

Updated-27 Jan, 2025 | 15:20

WordPress Move Addons for Elementor plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moveaddons Move Addons for Elementor allows Stored XSS.This issue affects Move Addons for Elementor: from n/a through 1.3.0.

Vendor-moveaddons Moveaddons moveaddons

Product-move_addons_for_elementor Move Addons for Elementor move_addons_for_elementor

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34445

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.16% / 37.72%

7 Day CHG~0.00%

Published-09 May, 2024 | 11:00

Updated-02 Aug, 2024 | 02:51

WordPress SKT Addons for Elementor plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability

Vendor-Sonl Sinha (SKT Web Themes LLC)

Product-SKT Addons for Elementor

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27620

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 13:49

Updated-10 Jan, 2025 | 18:56

WordPress Robo Gallery Plugin <= 3.2.12 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-site Scripting (XSS) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.12 versions.

Vendor-robogallery RoboSoft

Product-robo_gallery Photo Gallery, Images, Slider in Rbs Image Gallery

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27636

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-6.5||MEDIUM

EPSS-0.19% / 41.30%

7 Day CHG~0.00%

Published-16 Jun, 2024 | 00:00

Updated-08 Aug, 2024 | 14:08

Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor.

Vendor-n/a Progress Software Corporation

Product-sitefinity n/a sitefinity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27413

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 07:42

Updated-10 Oct, 2024 | 17:37

WordPress W4 Post List Plugin <= 2.4.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Shazzad Hossain Khan W4 Post List plugin <= 2.4.4 versions.

Vendor-w4_post_list_project Shazzad Hossain Khan

Product-w4_post_list W4 Post List

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26536

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-05 Apr, 2023 | 07:35

Updated-19 Feb, 2025 | 21:35

WordPress Sp*tify Play Button for WordPress Plugin <= 2.05 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jonk @ Follow me Darling Sp*tify Play Button for WordPress plugin <= 2.05 versions.

Vendor-followmedarling Jonk @ Follow me Darling

Product-spotify-play-button-for-wordpress Sp*tify Play Button for WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34415

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.20% / 41.96%

7 Day CHG~0.00%

Published-09 May, 2024 | 11:34

Updated-02 Aug, 2024 | 02:51

WordPress Thim Elementor Kit plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress Thim Elementor Kit allows Stored XSS.This issue affects Thim Elementor Kit: from n/a through 1.1.8.

Vendor-ThimPress (PhysCode)

Product-Thim Elementor Kit

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34441

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.14% / 35.46%

7 Day CHG~0.00%

Published-09 May, 2024 | 11:01

Updated-02 Aug, 2024 | 02:51

WordPress Easy Affiliate Links plugin <= 3.7.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bootstrapped Ventures Easy Affiliate Links allows Stored XSS.This issue affects Easy Affiliate Links: from n/a through 3.7.2.

Vendor-Bootstrapped Ventures bootstrapped_ventures

Product-Easy Affiliate Links easy_affiliate_links

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34764

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 29.17%

7 Day CHG~0.00%

Published-03 Jun, 2024 | 11:39

Updated-01 Mar, 2025 | 01:48

WordPress Essential Addons for Elementor plugin <= 5.9.15 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through 5.9.15.

Vendor-WPDeveloper

Product-essential_addons_for_elementor Essential Addons for Elementor

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-39659

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.09% / 26.31%

7 Day CHG~0.00%

Published-01 Aug, 2024 | 21:45

Updated-31 Mar, 2025 | 18:22

WordPress WP-PostRatings plugin <= 1.91.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lester ‘GaMerZ’ Chan WP-PostRatings allows Stored XSS.This issue affects WP-PostRatings: from n/a through 1.91.1.

Vendor-lesterchan Lester ‘GaMerZ’ Chan

Product-wp-postratings WP-PostRatings

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34571

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.23% / 45.78%

7 Day CHG~0.00%

Published-08 May, 2024 | 09:39

Updated-02 Aug, 2024 | 02:59

WordPress Himalayas theme <= 1.3.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGrill Himalayas allows Stored XSS.This issue affects Himalayas: from n/a through 1.3.0.

Vendor-ThemeGrill

Product-Himalayas

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34801

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.11% / 30.80%

7 Day CHG~0.00%

Published-03 Jun, 2024 | 10:32

Updated-02 Aug, 2024 | 02:59

WordPress Praison SEO WordPress plugin <= 4.0.15 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mervin Praison Praison SEO WordPress allows Stored XSS.This issue affects Praison SEO WordPress: from n/a through 4.0.15.

Vendor-Mervin Praison

Product-Praison SEO WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-35167

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.16% / 37.72%

7 Day CHG~0.00%

Published-13 May, 2024 | 10:02

Updated-25 Mar, 2025 | 17:26

WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <=1.4.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS.This issue affects Envo's Elementor Templates & Widgets for WooCommerce: from n/a through 1.4.8.

Vendor-envothemes EnvoThemes

Product-envo\'s_elementor_templates_\&_widgets_for_woocommerce Envo's Elementor Templates & Widgets for WooCommerce

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34805

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.12% / 32.42%

7 Day CHG~0.00%

Published-16 May, 2024 | 15:50

Updated-02 Aug, 2024 | 02:59

WordPress iframe plugin <= 5.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webvitaly iFrame allows Stored XSS.This issue affects iFrame: from n/a through 5.0.

Vendor-Webvitaly

Product-iFrame

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34575

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.24% / 47.68%

7 Day CHG~0.00%

Published-17 May, 2024 | 06:03

Updated-21 Mar, 2025 | 18:11

WordPress DethemeKit For Elementor plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in deTheme DethemeKit For Elementor allows Stored XSS.This issue affects DethemeKit For Elementor: from n/a through 2.1.2.

Vendor-detheme deTheme

Product-dethemekit_for_elementor DethemeKit For Elementor

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34569

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.23% / 45.78%

7 Day CHG~0.00%

Published-08 May, 2024 | 10:38

Updated-02 Aug, 2024 | 02:59

WordPress Zotpress plugin <= 7.3.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Katie Seaborn Zotpress allows Stored XSS.This issue affects Zotpress: from n/a through 7.3.9.

Vendor-Katie Seaborn

Product-Zotpress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-39668

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.09% / 26.31%

7 Day CHG~0.00%

Published-01 Aug, 2024 | 21:31

Updated-22 Nov, 2024 | 19:09

WordPress Extensions for Elementor plugin <= 2.0.31 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in petesheppard84 Extensions for Elementor allows Stored XSS.This issue affects Extensions for Elementor: from n/a through 2.0.31.

Vendor-idioweb petesheppard84

Product-extensions_for_elementor Extensions for Elementor

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34566

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.21% / 43.67%

7 Day CHG~0.00%

Published-08 May, 2024 | 10:54

Updated-12 Feb, 2025 | 01:40

WordPress Content Blocks (Custom Post Widget) plugin <= 3.3.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johan van der Wijk Content Blocks (Custom Post Widget) allows Stored XSS.This issue affects Content Blocks (Custom Post Widget): from n/a through 3.3.0.

Vendor-vanderwijk Johan van der Wijk johan_van_der_wijk

Product-content_blocks Content Blocks (Custom Post Widget)content_blocks_custom_post_widget

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26013

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-16 Jun, 2023 | 08:37

Updated-02 Aug, 2024 | 13:40

WordPress Strong Testimonials Plugin <= 3.0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill Strong Testimonials plugin <= 3.0.2 versions.

Vendor-wpchill WPChill

Product-strong_testimonials Strong Testimonials

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-39644

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.07% / 21.89%

7 Day CHG~0.00%

Published-01 Aug, 2024 | 22:17

Updated-11 Sep, 2024 | 17:31

WordPress Black Widgets For Elementor plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS.This issue affects Black Widgets For Elementor: from n/a through 1.3.5.

Vendor-modernaweb Modernaweb Studio

Product-black_widgets_for_elementor Black Widgets For Elementor

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34573

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.13% / 33.45%

7 Day CHG~0.00%

Published-08 May, 2024 | 09:00

Updated-02 Aug, 2024 | 02:59

WordPress Pootle Pagebuilder plugin <= 5.7.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pootlepress Pootle Pagebuilder – WordPress Page builder allows Stored XSS.This issue affects Pootle Pagebuilder – WordPress Page builder: from n/a through 5.7.1.

Vendor-Pootlepress

Product-Pootle Pagebuilder – WordPress Page builder

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34765

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.12% / 32.38%

7 Day CHG~0.00%

Published-08 Jun, 2024 | 14:44

Updated-02 Aug, 2024 | 02:59

WordPress Sensei Pro (WC Paid Courses) plugin <= 4.23.1.1.23.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sensei Sensei Pro (WC Paid Courses) allows Stored XSS.This issue affects Sensei Pro (WC Paid Courses): from n/a through 4.23.1.1.23.1.

Vendor-Sensei

Product-Sensei Pro (WC Paid Courses)

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25798

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-03 May, 2023 | 11:04

Updated-09 Jan, 2025 | 15:31

WordPress Olevmedia Shortcodes Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Olevmedia Olevmedia Shortcodes plugin <= 1.1.9 versions.

Vendor-olevmedia Olevmedia

Product-olevmedia_shortcodes Olevmedia Shortcodes

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-39665

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.11% / 29.32%

7 Day CHG~0.00%

Published-01 Aug, 2024 | 21:34

Updated-02 Aug, 2024 | 18:18

WordPress Filter & Grids plugin <= 2.9.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YMC Filter & Grids allows Stored XSS.This issue affects Filter & Grids: from n/a through 2.9.2.

Vendor-YMC

Product-Filter & Grids

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34376

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.14% / 35.46%

7 Day CHG~0.00%

Published-06 May, 2024 | 18:27

Updated-02 Aug, 2024 | 02:51

WordPress Edge theme <= 2.0.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Freesia Edge allows Stored XSS.This issue affects Edge: from n/a through 2.0.9.

Vendor-Theme Freesia

Product-Edge

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25982

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.08% / 23.71%

7 Day CHG~0.00%

Published-04 May, 2023 | 19:48

Updated-09 Jan, 2025 | 15:27

WordPress Simple YouTube Responsive Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Eirudo Simple YouTube Responsive plugin <= 2.5 versions.

Vendor-simple_youtube_responsive_project Eirudo

Product-simple_youtube_responsive Simple YouTube Responsive

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-33932

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.14% / 35.46%

7 Day CHG~0.00%

Published-03 May, 2024 | 07:08

Updated-02 Aug, 2024 | 02:42

WordPress Login Logout Register Menu plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vinod Dalvi Login Logout Register Menu allows Stored XSS.This issue affects Login Logout Register Menu: from n/a through 2.0.

Vendor-Vinod Dalvi

Product-Login Logout Register Menu

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-38678

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.07% / 20.83%

7 Day CHG-0.01%

Published-20 Jul, 2024 | 07:49

Updated-02 Aug, 2024 | 04:12

WordPress Calendar.online / Kalender.digital – Plugin plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Calendar.Online Calendar.Online / Kalender.Digital allows Stored XSS.This issue affects Calendar.Online / Kalender.Digital: from n/a through 1.0.8.

Vendor-Calendar.online

Product-Calendar.online / Kalender.digital

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-38720

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.12% / 32.04%

7 Day CHG+0.05%

Published-20 Jul, 2024 | 07:22

Updated-02 Aug, 2024 | 04:19

WordPress EazyDocs plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EazyDocs eazydocs allows Stored XSS.This issue affects EazyDocs: from n/a through 2.5.0.

Vendor-spider-themes

Product-EazyDocs

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-33631

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.28% / 51.26%

7 Day CHG~0.00%

Published-29 Apr, 2024 | 05:07

Updated-27 Aug, 2025 | 22:15

WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Authenticated Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Stored XSS.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17.

Vendor-Piotnet

Product-Piotnet Addons For Elementor Pro

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-38718

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.11% / 30.45%

7 Day CHG+0.04%

Published-20 Jul, 2024 | 07:23

Updated-02 Aug, 2024 | 04:19

WordPress Download Button for Elementor plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in clicklabs® Medienagentur Download Button for Elementor allows Stored XSS.This issue affects Download Button for Elementor: from n/a through 1.2.1.

Vendor-clicklabs® Medienagentur

Product-Download Button for Elementor

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25981

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.07% / 22.23%

7 Day CHG~0.00%

Published-25 Aug, 2023 | 09:54

Updated-24 Sep, 2024 | 19:25

WordPress BuddyForms Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form plugin <= 2.8.1 versions.

Vendor-themekraft ThemeKraft

Product-post_form Post Form

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-33934

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.14% / 35.46%

7 Day CHG~0.00%

Published-03 May, 2024 | 07:07

Updated-02 Aug, 2024 | 02:42

WordPress Mini Loops plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kailey Lampert Mini Loops allows Stored XSS.This issue affects Mini Loops: from n/a through 1.4.1.

Vendor-Kailey Lampert WordPress.org

Product-Mini Loops mini_loops

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-37956

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.20% / 42.44%

7 Day CHG+0.09%

Published-20 Jul, 2024 | 08:16

Updated-30 Aug, 2024 | 17:48

WordPress VK All in One Expansion Unit plugin <= 9.99.1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vektor,Inc. VK All in One Expansion Unit allows Stored XSS.This issue affects VK All in One Expansion Unit: from n/a through 9.99.1.0.

Vendor-vektor-inc Vektor,Inc.

Product-vk_all_in_one_expansion_unit VK All in One Expansion Unit

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-48276

Credits

WordPress Visual Composer Website Builder <= 45.11.0 - Cross Site Scripting (XSS) Vulnerability

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs