ByteOS Network

Vulnerability Details :

CVE-2025-49042

Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3

Published At-29 Oct, 2025 | 04:50

Updated At-20 Jan, 2026 | 14:28

WordPress WooCommerce plugin <= 10.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce woocommerce allows Stored XSS.This issue affects WooCommerce: from n/a through 10.0.2.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Patchstack

Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3

Published At:29 Oct, 2025 | 04:50

Updated At:20 Jan, 2026 | 14:28

▼CVE Numbering Authority (CNA)

WordPress WooCommerce plugin <= 10.0.2 - Cross Site Scripting (XSS) vulnerability

Affected Products

Vendor

Automattic Inc.

Product

WooCommerce

Collection URL

https://wordpress.org/plugins

Package Name

woocommerce

Default Status

unaffected

Versions

Affected

From n/a through 10.0.2 (custom)
- -> unaffectedfrom10.0.3

Problem Types

Type	CWE ID	Description
CWE	CWE-79	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Type: CWE

CWE ID: CWE-79

Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Metrics

Version	Base score	Base severity	Vector
3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Impacts

CAPEC ID	Description
CAPEC-592	CAPEC-592 Stored XSS

CAPEC ID: CAPEC-592

Description: CAPEC-592 Stored XSS

Solutions

Update the WordPress WooCommerce plugin to the latest available version (at least 10.0.3).

Credits

finder

savphill | Patchstack Bug Bounty Program

References

Hyperlink	Resource
https://patchstack.com/database/wordpress/plugin/woocommerce/security-policy/vdp/vulnerability/wordpress-woocommerce-plugin-10-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve	vdb-entry

Hyperlink: https://patchstack.com/database/wordpress/plugin/woocommerce/security-policy/vdp/vulnerability/wordpress-woocommerce-plugin-10-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve

Resource:

vdb-entry

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:audit@patchstack.com

Published At:29 Oct, 2025 | 05:15

Updated At:20 Jan, 2026 | 15:16

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Weaknesses

CWE ID	Type	Source
CWE-79	Secondary	audit@patchstack.com

CWE ID: CWE-79

Type: Secondary

Source: audit@patchstack.com

References

Hyperlink	Source	Resource
https://patchstack.com/database/wordpress/plugin/woocommerce/security-policy/vdp/vulnerability/wordpress-woocommerce-plugin-10-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve	audit@patchstack.com	N/A

Hyperlink: https://patchstack.com/database/wordpress/plugin/woocommerce/security-policy/vdp/vulnerability/wordpress-woocommerce-plugin-10-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve

Source: audit@patchstack.com

Resource: N/A

Similar CVEs

1216Records found

CVE-2025-30540

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.17% / 38.24%

7 Day CHG~0.00%

Published-24 Mar, 2025 | 13:46

Updated-24 Mar, 2025 | 15:06

WordPress AvaiBook plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in avaibook AvaiBook allows Stored XSS. This issue affects AvaiBook: from n/a through 1.2.

Vendor-avaibook

Product-AvaiBook

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-30937

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.04% / 11.50%

7 Day CHG~0.00%

Published-06 Jun, 2025 | 12:54

Updated-06 Jun, 2025 | 15:08

WordPress Responsify WP <= 1.9.11 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stefanledin Responsify WP allows Stored XSS. This issue affects Responsify WP: from n/a through 1.9.11.

Vendor-stefanledin

Product-Responsify WP

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25452

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.44%

7 Day CHG~0.00%

Published-08 May, 2023 | 12:18

Updated-09 Jan, 2025 | 15:25

WordPress CMS Press Plugin <= 0.2.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Pretty (prettyboymp) CMS Press plugin <= 0.2.3 versions.

Vendor-cms_press_project Michael Pretty (prettyboymp)

Product-cms_press CMS Press

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26010

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-04 May, 2023 | 13:20

Updated-25 Feb, 2025 | 20:38

WordPress WPMobile.App Plugin <= 11.18 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMobile.App plugin <= 11.18 versions.

Vendor-amauri WPMobile.App

Product-wpmobile.app WPMobile.App

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25490

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 11:46

Updated-09 Jan, 2025 | 15:34

WordPress Archivist – Custom Archive Templates Plugin <= 1.7.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.4 versions.

Vendor-archivist_-_custom_archive_templates_project Eric Teubert

Product-archivist_-_custom_archive_templates Archivist – Custom Archive Templates

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25464

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 12:03

Updated-10 Jan, 2025 | 18:57

WordPress Twitch Player Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StreamWeasels Twitch Player plugin <= 2.1.0 versions.

Vendor-streamweasels StreamWeasels

Product-twitch_player Twitch Player

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25783

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-03 May, 2023 | 10:34

Updated-09 Jan, 2025 | 15:31

WordPress FireCask Like & Share Button Plugin <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Moss FireCask Like & Share Button plugin <= 1.1.5 versions.

Vendor-Alex Moss

Product-firecask_like_\&_share_button FireCask Like & Share Button

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25794

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-20 Mar, 2023 | 10:33

Updated-13 Jan, 2025 | 15:50

WordPress Nooz Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mighty Digital Nooz plugin <= 1.6.0 versions.

Vendor-nooz_project Mighty Digital

Product-nooz Nooz

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25992

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 20.85%

7 Day CHG~0.00%

Published-23 Mar, 2023 | 16:18

Updated-10 Jan, 2025 | 19:16

WordPress CM Answers Plugin <= 3.1.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeMindsSolutions CM Answers plugin <= 3.1.9 versions.

Vendor-cminds CreativeMindsSolutions

Product-cm_answers CM Answers

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25479

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 12:00

Updated-09 Jan, 2025 | 15:34

WordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions.

Vendor-podlove Podlove

Product-podlove_subscribe_button Podlove Subscribe button

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25979

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-03 May, 2023 | 13:37

Updated-09 Jan, 2025 | 15:30

WordPress Video Gallery – YouTube Gallery Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Video Gallery by Total-Soft Video Gallery plugin <= 1.7.6 versions.

Vendor-total-soft Video Gallery by Total-Soft

Product-video_gallery Video Gallery

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25787

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-03 May, 2023 | 10:29

Updated-09 Jan, 2025 | 15:32

WordPress WP资源下载管理 Plugin <= 1.3.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wbolt team WP资源下载管理 plugin <= 1.3.9 versions.

Vendor-wp_resource_download_management_project Wbolt team

Product-wp_resource_download_management WP资源下载管理

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25451

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-23 Apr, 2023 | 10:41

Updated-10 Jan, 2025 | 18:44

WordPress CPO Content Types Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill CPO Content Types plugin <= 1.1.0 versions.

Vendor-wpchill WPChill

Product-cpo_content_types CPO Content Types

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23994

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 11:51

Updated-10 Jan, 2025 | 18:58

WordPress Auto Hide Admin Bar Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcel Bootsman Auto Hide Admin Bar plugin <= 1.6.1 versions.

Vendor-auto_hide_admin_bar_project Marcel Bootsman

Product-auto_hide_admin_bar Auto Hide Admin Bar

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25063

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.65%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 11:38

Updated-25 Sep, 2024 | 16:45

WordPress Quick Page/Post Redirect Plugin <= 5.2.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anadnet Quick Page/Post Redirect Plugin plugin <= 5.2.3 versions.

Vendor-anadnet Anadnet

Product-quick_page\/post_redirect_plugin Quick Page/Post Redirect Plugin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24001

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 07:50

Updated-10 Jan, 2025 | 19:10

WordPress Modal Dialog Plugin <= 3.5.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yannick Lefebvre Modal Dialog plugin <= 3.5.9 versions.

Vendor-modal_dialog_project Yannick Lefebvre

Product-modal_dialog Modal Dialog

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24403

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.11% / 29.30%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 10:32

Updated-19 Feb, 2025 | 21:35

WordPress bbPress Voting Plugin <= 2.1.11.0 is vulnerable to Cross-Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP For The Win bbPress Voting plugin <= 2.1.11.0 versions.

Vendor-wpforthewin WP For The Win

Product-bbpress_voting bbPress Voting

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24002

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 08:04

Updated-10 Jan, 2025 | 19:08

WordPress YouTube Embed, Playlist and Popup by WpDevArt Plugin <= 2.6.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart YouTube Embed, Playlist and Popup by WpDevArt plugin <= 2.6.3 versions.

Vendor-WpDevArt

Product-youtube_embed\,_playlist_and_popup YouTube Embed, Playlist and Popup by WpDevArt

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24412

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 17.96%

7 Day CHG~0.00%

Published-01 Sep, 2023 | 10:44

Updated-24 Sep, 2024 | 19:07

WordPress Image Social Feed Plugin Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Image Social Feed plugin <= 1.7.6 versions.

Vendor-web-settler Web-Settler

Product-image_social_feed Image Social Feed

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24376

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.11% / 29.14%

7 Day CHG~0.00%

Published-08 May, 2023 | 21:37

Updated-19 Feb, 2025 | 21:31

WordPress WP Simple Events Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nico Graff WP Simple Events plugin <= 1.0 versions.

Vendor-wp_simple_events_project Nico Graff

Product-wp_simple_events WP Simple Events

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25062

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.40% / 60.50%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 13:59

Updated-10 Jan, 2025 | 19:03

WordPress Pinpoint Booking System Plugin <= 2.9.9.2.8 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.2.8 versions.

Vendor-pinpoint PINPOINT.WORLD

Product-pinpoint_booking_system Pinpoint Booking System

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23883

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.44%

7 Day CHG~0.00%

Published-09 May, 2023 | 10:01

Updated-19 Feb, 2025 | 21:31

WordPress WP Content Filter – Censor All Offensive Content From Your Site Plugin <= 3.0.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Gwyer WP Content Filter plugin <= 3.0.1 versions.

Vendor-wp_content_filter_-_censor_all_offensive_content_from_your_site_project David Gwyer

Product-wp_content_filter_-_censor_all_offensive_content_from_your_site WP Content Filter

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23982

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 04:49

Updated-10 Jan, 2025 | 19:11

WordPress WPFrom Email Plugin <= 1.8.8 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPGear.Pro WPFrom Email plugin <= 1.8.8 versions.

Vendor-wpfrom_email_project WPGear.Pro

Product-wpfrom_email WPFrom Email

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23971

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 05:04

Updated-19 Feb, 2025 | 21:35

WordPress WP Time Slots Booking Form Plugin <= 1.1.81 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodePeople WP Time Slots Booking Form plugin <= 1.1.81 versions.

Vendor-CodePeople

Product-wp_time_slots_booking_form WP Time Slots Booking Form

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24398

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 09:20

Updated-10 Jan, 2025 | 19:03

WordPress EZP Coming Soon Page Plugin <= 1.0.7.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap Creek Software EZP Coming Soon Page plugin <= 1.0.7.3 versions.

Vendor-Snap Creek, LLC (Duplicator)

Product-ezp_coming_soon_page EZP Coming Soon Page

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23995

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 19:20

Updated-09 Jan, 2025 | 15:33

WordPress TinyMCE Custom Styles Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim Reeves & David Stöckl TinyMCE Custom Styles plugin <= 1.1.2 versions.

Vendor-tinymce_custom_styles_project Tim Reeves & David Stöckl

Product-tinymce_custom_styles TinyMCE Custom Styles

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23727

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.44%

7 Day CHG~0.00%

Published-16 May, 2023 | 08:43

Updated-09 Jan, 2025 | 15:15

WordPress Live Chat by Formilla – Real-time Chat & Chatbots Plugin Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Formilla Live Chat by Formilla plugin <= 1.3 versions.

Vendor-formilla Formilla

Product-live_chat Live Chat by Formilla

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23675

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-30 Mar, 2023 | 10:48

Updated-19 Feb, 2025 | 21:36

WordPress WP Smart Preloader Plugin <= 1.15 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catchsquare WP Smart Preloader plugin <= 1.15 versions.

Vendor-catchsquare Catchsquare

Product-wp_smart_preloader WP Smart Preloader

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23673

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.44%

7 Day CHG~0.00%

Published-16 May, 2023 | 08:28

Updated-09 Jan, 2025 | 15:15

WordPress I Recommend This Plugin <= 3.8.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Harish Chouhan, Themeist I Recommend This plugin <= 3.8.3 versions.

Vendor-themeist Harish Chouhan, Themeist

Product-i_recommend_this I Recommend This

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23812

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.44%

7 Day CHG~0.00%

Published-10 May, 2023 | 07:38

Updated-19 Feb, 2025 | 21:31

WordPress Enhanced WP Contact Form Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joost de Valk Enhanced WP Contact Form plugin <= 2.2.3 versions.

Vendor-enhanced_wp_contact_form_project Joost de Valk

Product-enhanced_wp_contact_form Enhanced WP Contact Form

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23810

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.44%

7 Day CHG~0.00%

Published-12 May, 2023 | 15:06

Updated-02 Aug, 2024 | 13:40

WordPress Panorama – WordPress Project Management Plugin Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SnapOrbital Panorama plugin <= 1.5 versions.

Vendor-snaborbital SnapOrbital

Product-panorama Panorama

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23789

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.44%

7 Day CHG~0.00%

Published-10 May, 2023 | 07:28

Updated-09 Jan, 2025 | 15:21

WordPress Premmerce Redirect Manager Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Premmerce Premmerce Redirect Manager plugin <= 1.0.9 versions.

Vendor-premmerce Premmerce

Product-premmerce_redirect_manager Premmerce Redirect Manager

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23808

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-03 May, 2023 | 14:31

Updated-09 Jan, 2025 | 15:29

WordPress Sponsors Carousel Plugin <= 4.02 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sergey Panasenko Sponsors Carousel plugin <= 4.02 versions.

Vendor-sponsors_carousel_project Sergey Panasenko

Product-sponsors_carousel Sponsors Carousel

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23822

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.65%

7 Day CHG~0.00%

Published-12 Jun, 2023 | 13:33

Updated-10 Oct, 2024 | 17:29

WordPress UTM Tracker Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ludwig Media UTM Tracker plugin <= 1.3.1 versions.

Vendor-utm_tracker_project Ludwig Media

Product-utm_tracker UTM Tracker

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-30630

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.04% / 11.50%

7 Day CHG~0.00%

Published-06 Jun, 2025 | 12:54

Updated-06 Jun, 2025 | 16:02

WordPress Global Translator <= 2.0.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pozzad Global Translator allows Stored XSS. This issue affects Global Translator: from n/a through 2.0.2.

Vendor-pozzad

Product-Global Translator

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-25835

Matching Score-4

Assigner-OpenText (formerly Micro Focus)

View Details

Matching Score-4

Assigner-OpenText (formerly Micro Focus)

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 16.45%

7 Day CHG~0.00%

Published-09 Dec, 2023 | 01:52

Updated-04 Aug, 2024 | 15:40

Micro Focus ArcSight Management Center Remote Vulnerability

A potential vulnerability has been identified in Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited resulting in stored Cross-Site Scripting (XSS).

Vendor-Micro Focus International Limited

Product-arcsight_management_center ArcSight Management Center

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-30600

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 17.74%

7 Day CHG~0.00%

Published-24 Mar, 2025 | 13:47

Updated-25 Mar, 2025 | 17:47

WordPress WP Hotjar plugin <= 0.0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thiagogsrwp WP Hotjar allows Stored XSS. This issue affects WP Hotjar: from n/a through 0.0.3.

Vendor-thiagogsrwp

Product-WP Hotjar

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-30623

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 17.74%

7 Day CHG~0.00%

Published-24 Mar, 2025 | 13:47

Updated-24 Mar, 2025 | 22:00

WordPress wA11y – The Web Accessibility Toolbox plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rachel Cherry wA11y – The Web Accessibility Toolbox allows Stored XSS. This issue affects wA11y – The Web Accessibility Toolbox: from n/a through 1.0.3.

Vendor-Rachel Cherry

Product-wA11y – The Web Accessibility Toolbox

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-30575

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 21.98%

7 Day CHG~0.00%

Published-24 Mar, 2025 | 13:47

Updated-31 Mar, 2025 | 18:20

WordPress Login Redirect - <= <= 1.0.5 Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arefly Login Redirect allows Stored XSS. This issue affects Login Redirect: from n/a through 1.0.5.

Vendor-Arefly

Product-Login Redirect

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-30938

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.04% / 11.50%

7 Day CHG~0.00%

Published-06 Jun, 2025 | 12:54

Updated-06 Jun, 2025 | 16:03

WordPress Broadly for WordPress <= 3.0.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in broadly Broadly for WordPress allows Stored XSS. This issue affects Broadly for WordPress: from n/a through 3.0.2.

Vendor-broadly

Product-Broadly for WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27426

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 17.96%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 12:57

Updated-24 Sep, 2024 | 19:22

WordPress NotifyVisitors Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Notifyvisitors NotifyVisitors plugin <= 1.0 versions.

Vendor-notifyvisitors Notifyvisitors

Product-notifyvisitors NotifyVisitors

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-30530

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.17% / 38.24%

7 Day CHG~0.00%

Published-24 Mar, 2025 | 13:46

Updated-24 Mar, 2025 | 15:08

WordPress AI Preloader plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atikul AI Preloader allows Stored XSS. This issue affects AI Preloader: from n/a through 1.0.2.

Vendor-Atikul

Product-AI Preloader

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27422

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.65%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 10:15

Updated-25 Sep, 2024 | 16:51

WordPress NS Coupon to Become Customer Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsThemes NS Coupon To Become Customer plugin <= 1.2.2 versions.

Vendor-nsthemes NsThemes

Product-ns_coupon_to_become_customer NS Coupon To Become Customer

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26515

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.65%

7 Day CHG~0.00%

Published-16 Jun, 2023 | 10:41

Updated-10 Oct, 2024 | 18:55

WordPress Simple Slug Translate Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ko Takagi Simple Slug Translate plugin <= 2.7.2 versions.

Vendor-simple_slug_translate_project Ko Takagi

Product-simple_slug_translate Simple Slug Translate

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26541

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.65%

7 Day CHG~0.00%

Published-16 Jun, 2023 | 08:56

Updated-10 Oct, 2024 | 18:55

WordPress asMember Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alexander Suess asMember plugin <= 1.5.4 versions.

Vendor-asmember_project Alexander Suess

Product-asmember asMember

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-27416

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.65%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 10:25

Updated-19 Feb, 2025 | 21:27

WordPress Decon WP SMS Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Decon Digital Decon WP SMS plugin <= 1.1 versions.

Vendor-decondigital Decon Digital

Product-decon_wp_sms Decon WP SMS

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26517

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.44%

7 Day CHG~0.00%

Published-06 May, 2023 | 06:59

Updated-09 Jan, 2025 | 15:26

WordPress Dashboard Widgets Suite Plugin <= 3.2.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeff Starr Dashboard Widgets Suite plugin <= 3.2.1 versions.

Vendor-plugin-planet Jeff Starr

Product-dashboard_widget_suite Dashboard Widgets Suite

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-47613

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.17% / 38.13%

7 Day CHG~0.00%

Published-29 Mar, 2023 | 18:42

Updated-12 May, 2025 | 15:09

WordPress AI ChatBot Plugin <= 4.3.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QuantumCloud AI ChatBot plugin <= 4.3.0 versions.

Vendor-quantumcloud QuantumCloud

Product-wpbot AI ChatBot

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-46863

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-28 Mar, 2023 | 08:04

Updated-10 Jan, 2025 | 19:15

WordPress Quick Event Manager Plugin <= 9.6.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin <= 9.6.4 versions.

Vendor-fullworksplugins Fullworks

Product-quick_event_manager Quick Event Manager

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-47171

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.61%

7 Day CHG~0.00%

Published-14 Mar, 2023 | 06:42

Updated-19 Feb, 2025 | 21:40

WordPress IP Vault – WP Firewall Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul C. Schroeder IP Vault – WP Firewall plugin <= 1.1 versions.

Vendor-ip_vault_-_wp_firewall_project Paul C. Schroeder

Product-ip_vault_-_wp_firewall IP Vault – WP Firewall

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-49042

Credits

WordPress WooCommerce plugin <= 10.0.2 - Cross Site Scripting (XSS) vulnerability

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs