ByteOS Network

Vulnerability Details :

CVE-2025-48305

Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3

Published At-28 Aug, 2025 | 12:36

Updated At-28 Aug, 2025 | 14:11

WordPress Goal Tracker for Patreon plugin <= 0.4.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vikingjs Goal Tracker for Patreon allows Stored XSS. This issue affects Goal Tracker for Patreon: from n/a through 0.4.6.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Patchstack

Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3

Published At:28 Aug, 2025 | 12:36

Updated At:28 Aug, 2025 | 14:11

▼CVE Numbering Authority (CNA)

WordPress Goal Tracker for Patreon plugin <= 0.4.6 - Cross Site Scripting (XSS) vulnerability

Affected Products

Vendor

vikingjs

Product

Goal Tracker for Patreon

Collection URL

https://wordpress.org/plugins

Package Name

goal-tracker-for-patreon

Default Status

unaffected

Versions

Affected

From n/a through 0.4.6 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-79	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Type: CWE

CWE ID: CWE-79

Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Metrics

Version	Base score	Base severity	Vector
3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Impacts

CAPEC ID	Description
CAPEC-592	CAPEC-592 Stored XSS

CAPEC ID: CAPEC-592

Description: CAPEC-592 Stored XSS

Credits

finder

Vinit Lakra (Patchstack Alliance)

References

Hyperlink	Resource
https://patchstack.com/database/wordpress/plugin/goal-tracker-for-patreon/vulnerability/wordpress-goal-tracker-for-patreon-plugin-0-4-6-cross-site-scripting-xss-vulnerability?_s_id=cve	vdb-entry

Hyperlink: https://patchstack.com/database/wordpress/plugin/goal-tracker-for-patreon/vulnerability/wordpress-goal-tracker-for-patreon-plugin-0-4-6-cross-site-scripting-xss-vulnerability?_s_id=cve

Resource:

vdb-entry

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:audit@patchstack.com

Published At:28 Aug, 2025 | 13:15

Updated At:28 Aug, 2025 | 13:15

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	audit@patchstack.com

CWE ID: CWE-79

Type: Primary

Source: audit@patchstack.com

References

Hyperlink	Source	Resource
https://patchstack.com/database/wordpress/plugin/goal-tracker-for-patreon/vulnerability/wordpress-goal-tracker-for-patreon-plugin-0-4-6-cross-site-scripting-xss-vulnerability?_s_id=cve	audit@patchstack.com	N/A

Hyperlink: https://patchstack.com/database/wordpress/plugin/goal-tracker-for-patreon/vulnerability/wordpress-goal-tracker-for-patreon-plugin-0-4-6-cross-site-scripting-xss-vulnerability?_s_id=cve

Source: audit@patchstack.com

Resource: N/A

Similar CVEs

1073Records found

CVE-2023-24397

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 15:41

Updated-24 Sep, 2024 | 19:08

WordPress Reservation.Studio widget Plugin <= 1.0.11 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Reservation.Studio Reservation.Studio widget plugin <= 1.0.11 versions.

Vendor-reservation Reservation.Studio

Product-reservation.studio Reservation.Studio widget

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23994

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 11:51

Updated-10 Jan, 2025 | 18:58

WordPress Auto Hide Admin Bar Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcel Bootsman Auto Hide Admin Bar plugin <= 1.6.1 versions.

Vendor-auto_hide_admin_bar_project Marcel Bootsman

Product-auto_hide_admin_bar Auto Hide Admin Bar

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23723

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-02 May, 2023 | 11:02

Updated-09 Jan, 2025 | 15:32

WordPress WordPress Email Marketing Plugin – WP Email Capture Plugin <= 3.9.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media WP Email Capture plugin <= 3.9.3 versions.

Vendor-winwar Winwar Media

Product-wp_email_capture WP Email Capture

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23875

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-03 May, 2023 | 15:10

Updated-09 Jan, 2025 | 15:29

WordPress Bing Site Verification plugin using Meta Tag Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Himanshu Bing Site Verification plugin using Meta Tag plugin <= 1.0 versions.

Vendor-bing_site_verification_plugin_using_meta_tag_project Himanshu

Product-bing_site_verification_plugin_using_meta_tag Bing Site Verification plugin using Meta Tag

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24372

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-09 May, 2023 | 10:44

Updated-09 Jan, 2025 | 15:23

WordPress Simple Custom Author Profiles Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in USB Memory Direct Simple Custom Author Profiles plugin <= 1.0.0 versions.

Vendor-usbmemorydirect USB Memory Direct

Product-simple_custom_author_profiles Simple Custom Author Profiles

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24383

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.11% / 29.44%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 10:12

Updated-10 Jan, 2025 | 19:08

WordPress Namaste! LMS Plugin <= 2.5.9.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Namaste! LMS plugin <= 2.5.9.1 versions.

Vendor-kibokolabs Kiboko Labs

Product-namaste\!_lms Namaste! LMS

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24406

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-10 May, 2023 | 08:01

Updated-02 Aug, 2024 | 13:41

WordPress Simple Popup Images Plugin <= 1.8.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb ur Rehman Simple PopUp plugin <= 1.8.6 versions.

Vendor-simple_popup_project Muneeb ur Rehman

Product-simple_popup Simple PopUp

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24396

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.11% / 29.44%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 13:14

Updated-02 Aug, 2024 | 13:44

WordPress VikBooking Hotel Booking Engine & PMS Plugin <= 1.5.11 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.11 versions.

Vendor-vikwp E4J s.r.l.

Product-vikbooking_hotel_booking_engine_\&_pms VikBooking Hotel Booking Engine & PMS

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24391

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-10 Aug, 2023 | 12:28

Updated-25 Sep, 2024 | 15:03

WordPress ApplyOnline – Application Form Builder and Manager Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Spider Teams ApplyOnline plugin <= 2.5 versions.

Vendor-spiderteams Spider Teams

Product-applyonline_-_application_form_builder_and_manager ApplyOnline

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24387

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.11% / 29.44%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 10:57

Updated-10 Jan, 2025 | 19:07

WordPress Organization chart Plugin <= 1.4.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart Organization chart plugin <= 1.4.4 versions.

Vendor-WpDevArt

Product-organization_chart Organization chart

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24402

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.12% / 30.99%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 08:48

Updated-19 Feb, 2025 | 21:34

WordPress WP Booking System Plugin <= 2.0.18 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Veribo, Roland Murg WP Booking System – Booking Calendar plugin <= 2.0.18 versions.

Vendor-wpbookingsystem Veribo, Roland Murg

Product-wp_booking_system WP Booking System – Booking Calendar

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23654

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-15 May, 2023 | 11:40

Updated-02 Aug, 2024 | 13:40

WordPress SparkPost Plugin <= 3.2.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SparkPost plugin <= 3.2.5 versions.

Vendor-messagebird SparkPost

Product-sparkpost SparkPost

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23811

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 14.63%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 11:44

Updated-10 Oct, 2024 | 17:23

WordPress Smoothscroller Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Neil Gee Smoothscroller plugin <= 1.0.0 versions.

Vendor-smoothscroller_project Neil Gee

Product-smoothscroller Smoothscroller

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23819

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-12 Jun, 2023 | 13:09

Updated-19 Feb, 2025 | 21:29

WordPress itemprop WP for SERP/SEO Rich snippets Plugin <= 3.5.201706131 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rolands Umbrovskis itemprop WP for SERP/SEO Rich snippets plugin <= 3.5.201706131 versions.

Vendor-itemprop_wp_for_serp\/seo_rich_snippets_project Rolands Umbrovskis

Product-itemprop_wp_for_serp\/seo_rich_snippets itemprop WP for SERP/SEO Rich snippets

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23807

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 14.63%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 11:42

Updated-10 Oct, 2024 | 17:23

WordPress MojoPlug Slide Panel Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Qumos MojoPlug Slide Panel plugin <= 1.1.2 versions.

Vendor-qumos Qumos

Product-mojoplug_slide_panel MojoPlug Slide Panel

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23734

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-09 May, 2023 | 10:40

Updated-02 Aug, 2024 | 10:42

WordPress Userlike – WordPress Live Chat plugin Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Voswinkel Userlike – WordPress Live Chat plugin <= 2.2 versions.

Vendor-userlike David Voswinkel

Product-userlike Userlike – WordPress Live Chat plugin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-28853

Matching Score-4

Assigner-GitHub, Inc.

View Details

Matching Score-4

Assigner-GitHub, Inc.

CVSS Score-3.9||LOW

EPSS-0.49% / 64.52%

7 Day CHG~0.00%

Published-27 Mar, 2024 | 13:17

Updated-15 Jan, 2025 | 17:52

Ampache Stored XSS

Ampache is a web based audio/video streaming application and file manager. Stored Cross Site Scripting (XSS) vulnerability in ampache before v6.3.1 allows a remote attacker to execute code via a crafted payload to serval parameters in the post request of /preferences.php?action=admin_update_preferences. This vulnerability is fixed in 6.3.1.

Vendor-ampache ampache ampache

Product-ampache ampache ampache

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23987

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 05:22

Updated-10 Jan, 2025 | 19:11

WordPress User Registration Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEverest User Registration plugin <= 2.3.0 versions.

Vendor-wpeverest WPEverest

Product-user_registration User Registration

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34018

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.14% / 33.95%

7 Day CHG~0.00%

Published-30 Nov, 2023 | 17:01

Updated-02 Aug, 2024 | 15:54

WordPress SoundCloud Shortcode Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoundCloud Inc. SoundCloud Shortcode allows Stored XSS.This issue affects SoundCloud Shortcode: from n/a through 3.1.0.

Vendor-soundcloud SoundCloud Inc.

Product-soundcloud_shortcode SoundCloud Shortcode

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23647

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 15.31%

7 Day CHG~0.00%

Published-09 May, 2023 | 11:05

Updated-09 Jan, 2025 | 15:22

WordPress Team Member Plugin <= 4.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Team Member – Team with Slider plugin <= 4.4 versions.

Vendor-wpmart Sk. Abul Hasan

Product-team_member_-_team_with_slider Team Member – Team with Slider

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23821

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-04 Apr, 2023 | 11:31

Updated-02 Aug, 2024 | 13:45

WordPress Interactive Polish Map Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcin Pietrzak Interactive Polish Map plugin <= 1.2 versions.

Vendor-interactive_polish_map_project Marcin Pietrzak

Product-interactive_polish_map Interactive Polish Map

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23720

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-16 May, 2023 | 09:31

Updated-09 Jan, 2025 | 15:15

WordPress Verified Reviews (Avis Vérifiés) Plugin <= 2.3.13 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NetReviews SAS Verified Reviews (Avis Vérifiés) plugin <= 2.3.13 versions.

Vendor-skeepers NetReviews SAS

Product-verified_reviews_\(avis_verifies\)Verified Reviews (Avis Vérifiés)

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23816

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-23 Apr, 2023 | 10:31

Updated-10 Jan, 2025 | 18:45

WordPress Sitemap Index Plugin <= 1.2.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Twardes Sitemap Index plugin <= 1.2.3 versions.

Vendor-sitemap_index_project Twardes

Product-sitemap_index Sitemap Index

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23727

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-16 May, 2023 | 08:43

Updated-09 Jan, 2025 | 15:15

WordPress Live Chat by Formilla – Real-time Chat & Chatbots Plugin Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Formilla Live Chat by Formilla plugin <= 1.3 versions.

Vendor-formilla Formilla

Product-live_chat Live Chat by Formilla

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23871

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-10 Aug, 2023 | 10:35

Updated-25 Sep, 2024 | 16:44

WordPress Button Plugin <= 1.1.23 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Webdzier Button plugin <= 1.1.23 versions.

Vendor-webdzier Webdzier

Product-button Button

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23972

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 05:50

Updated-10 Jan, 2025 | 19:10

WordPress Social Like Box and Page by WpDevArt Plugin <= 0.8.39 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smplug-in Social Like Box and Page by WpDevArt plugin <= 0.8.39 versions.

Vendor-Smplug-in WpDevArt

Product-social_like_box_and_page Social Like Box and Page by WpDevArt

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24001

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 07:50

Updated-10 Jan, 2025 | 19:10

WordPress Modal Dialog Plugin <= 3.5.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yannick Lefebvre Modal Dialog plugin <= 3.5.9 versions.

Vendor-modal_dialog_project Yannick Lefebvre

Product-modal_dialog Modal Dialog

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23996

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 07:46

Updated-10 Jan, 2025 | 19:10

WordPress ProfilePress Plugin <= 4.5.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.3 versions.

Vendor-properfraction ProfilePress Membership Team

Product-profilepress ProfilePress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23718

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-20 Mar, 2023 | 11:22

Updated-10 Jan, 2025 | 19:19

WordPress Page Loading Effects Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Esstat17 Page Loading Effects plugin <= 2.0.0 versions.

Vendor-page_loading_effects_project Esstat17

Product-page_loading_effects Page Loading Effects

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23982

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 04:49

Updated-10 Jan, 2025 | 19:11

WordPress WPFrom Email Plugin <= 1.8.8 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPGear.Pro WPFrom Email plugin <= 1.8.8 versions.

Vendor-wpfrom_email_project WPGear.Pro

Product-wpfrom_email WPFrom Email

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23995

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 19:20

Updated-09 Jan, 2025 | 15:33

WordPress TinyMCE Custom Styles Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim Reeves & David Stöckl TinyMCE Custom Styles plugin <= 1.1.2 versions.

Vendor-tinymce_custom_styles_project Tim Reeves & David Stöckl

Product-tinymce_custom_styles TinyMCE Custom Styles

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23786

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 15.31%

7 Day CHG~0.00%

Published-10 May, 2023 | 07:19

Updated-09 Jan, 2025 | 15:21

WordPress affiliate-toolkit – WordPress Affiliate Plugin Plugin <= 3.3.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Christof Servit affiliate-toolkit plugin <= 3.3.3 versions.

Vendor-servit Christof Servit

Product-affiliate-toolkit affiliate-toolkit

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23884

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-09 May, 2023 | 10:07

Updated-02 Aug, 2024 | 10:42

WordPress Kanban Boards for WordPress Plugin <= 2.5.20 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanban for WordPress Kanban Boards for WordPress plugin <= 2.5.20 versions.

Vendor-kanbanwp Kanban for WordPress

Product-kanban_boards_for_wordpress Kanban Boards for WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23863

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-09 May, 2023 | 07:38

Updated-02 Aug, 2024 | 13:44

WordPress TreePress – Easy Family Trees & Ancestor Profiles Plugin <= 2.0.22 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Black and White Digital Ltd TreePress – Easy Family Trees & Ancestor Profiles plugin <= 2.0.22 versions.

Vendor-blackandwhitedigital Black and White Digital Ltd

Product-treepress TreePress – Easy Family Trees & Ancestor Profiles

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23707

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 15.31%

7 Day CHG~0.00%

Published-23 Mar, 2023 | 16:12

Updated-02 Aug, 2024 | 13:45

WordPress Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files Plugin <= 2.7.1 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Unrestricted Upload of File with Dangerous Type vulnerability in Awsm Innovations Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files allows Stored XSS via upload of SVG and HTML files. This issue affects Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin <= 2.7.1 versions.

Vendor-AWSM Digital Innovations

Product-embed_any_document Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE ID-CWE-434

Unrestricted Upload of File with Dangerous Type

CVE-2023-23980

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 07:39

Updated-10 Jan, 2025 | 19:10

WordPress MailOptin Plugin <= 1.2.54.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MailOptin Popup Builder Team MailOptin plugin <= 1.2.54.0 versions.

Vendor-mailoptin MailOptin Popup Builder Team

Product-mailoptin MailOptin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23785

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-03 May, 2023 | 14:12

Updated-09 Jan, 2025 | 15:30

WordPress Exquisite PayPal Donation Plugin <= v2.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DgCult Exquisite PayPal Donation plugin <= v2.0.0 versions.

Vendor-exquisite_paypal_donation_project DgCult

Product-exquisite_paypal_donation Exquisite PayPal Donation

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23799

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 13:39

Updated-10 Jan, 2025 | 18:56

WordPress Easy Panorama Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Leonardo Giacone Easy Panorama plugin <= 1.1.4 versions.

Vendor-easy_panorama_project Leonardo Giacone

Product-easy_panorama Easy Panorama

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23675

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-30 Mar, 2023 | 10:48

Updated-19 Feb, 2025 | 21:36

WordPress WP Smart Preloader Plugin <= 1.15 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catchsquare WP Smart Preloader plugin <= 1.15 versions.

Vendor-catchsquare Catchsquare

Product-wp_smart_preloader WP Smart Preloader

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23998

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 07:42

Updated-02 Aug, 2024 | 13:44

WordPress VikRentCar Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikRentCar Car Rental Management System plugin <= 1.3.0 versions.

Vendor-e4jconnect E4J s.r.l.

Product-vikrentcar VikRentCar Car Rental Management System

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23881

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-03 May, 2023 | 15:03

Updated-02 Aug, 2024 | 13:44

WordPress Circles Gallery Plugin <= 1.0.10 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GreenTreeLabs Circles Gallery plugin <= 1.0.10 versions.

Vendor-greentreelabs GreenTreeLabs

Product-circles_gallery Circles Gallery

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23682

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-15 May, 2023 | 12:14

Updated-09 Jan, 2025 | 15:15

WordPress EZP Maintenance Mode Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap Creek Software EZP Maintenance Mode plugin <= 1.0.1 versions.

Vendor-Snap Creek, LLC (Duplicator)

Product-ezp_maintenance_mode EZP Maintenance Mode

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23710

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 19:41

Updated-19 Feb, 2025 | 21:32

WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 versions.

Vendor-miniorange miniOrange

Product-wordpress_social_login_and_register_\(discord\,_google\,_twitter\,_linkedin\)WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23683

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-15 May, 2023 | 11:36

Updated-02 Aug, 2024 | 13:40

WordPress White Label Branding for Elementor Page Builder Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ozan Canakli White Label Branding for Elementor Page Builder plugin <= 1.0.2 versions.

Vendor-white_label_branding_for_elementor_page_builder_project Ozan Canakli

Product-white_label_branding_for_elementor_page_builder White Label Branding for Elementor Page Builder

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23674

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-15 May, 2023 | 11:24

Updated-19 Feb, 2025 | 21:30

WordPress WP Original Media Path Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in RVOLA WP Original Media Path plugin <= 2.4.0 versions.

Vendor-rvola RVOLA

Product-wp_original_media_path WP Original Media Path

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23673

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-16 May, 2023 | 08:28

Updated-09 Jan, 2025 | 15:15

WordPress I Recommend This Plugin <= 3.8.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Harish Chouhan, Themeist I Recommend This plugin <= 3.8.3 versions.

Vendor-themeist Harish Chouhan, Themeist

Product-i_recommend_this I Recommend This

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23812

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-10 May, 2023 | 07:38

Updated-19 Feb, 2025 | 21:31

WordPress Enhanced WP Contact Form Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joost de Valk Enhanced WP Contact Form plugin <= 2.2.3 versions.

Vendor-enhanced_wp_contact_form_project Joost de Valk

Product-enhanced_wp_contact_form Enhanced WP Contact Form

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24002

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 08:04

Updated-10 Jan, 2025 | 19:08

WordPress YouTube Embed, Playlist and Popup by WpDevArt Plugin <= 2.6.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart YouTube Embed, Playlist and Popup by WpDevArt plugin <= 2.6.3 versions.

Vendor-WpDevArt

Product-youtube_embed\,_playlist_and_popup YouTube Embed, Playlist and Popup by WpDevArt

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23793

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-09 May, 2023 | 09:53

Updated-09 Jan, 2025 | 15:23

WordPress Read More Without Refresh Plugin <= 3.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eightweb Interactive Read More Without Refresh plugin <= 3.1 versions.

Vendor-8web Eightweb Interactive

Product-read_more_without_refresh Read More Without Refresh

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23971

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 05:04

Updated-19 Feb, 2025 | 21:35

WordPress WP Time Slots Booking Form Plugin <= 1.1.81 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodePeople WP Time Slots Booking Form plugin <= 1.1.81 versions.

Vendor-CodePeople

Product-wp_time_slots_booking_form WP Time Slots Booking Form

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-48305

Credits

WordPress Goal Tracker for Patreon plugin <= 0.4.6 - Cross Site Scripting (XSS) vulnerability

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs