Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-49938

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-22 Oct, 2025 | 14:32
Updated At-20 Jan, 2026 | 14:28
Rejected At-
Credits

WordPress JetEngine plugin <= 3.7.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetEngine jet-engine allows Stored XSS.This issue affects JetEngine: from n/a through <= 3.7.3.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:22 Oct, 2025 | 14:32
Updated At:20 Jan, 2026 | 14:28
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress JetEngine plugin <= 3.7.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetEngine jet-engine allows Stored XSS.This issue affects JetEngine: from n/a through <= 3.7.3.

Affected Products
Vendor
CrocoBlock
Product
JetEngine
Collection URL
https://crocoblock.com
Package Name
jet-engine
Default Status
unaffected
Versions
Affected
  • From n/a through <= 3.7.3 (custom)
    • -> unaffectedfrom3.7.4
Problem Types
TypeCWE IDDescription
CWECWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-592Stored XSS
CAPEC ID: CAPEC-592
Description: Stored XSS
Solutions
Configurations
Workarounds
Exploits
Credits
finder
stealthcopter (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/Wordpress/Plugin/jet-engine/vulnerability/wordpress-jetengine-plugin-3-7-3-cross-site-scripting-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/jet-engine/vulnerability/wordpress-jetengine-plugin-3-7-3-cross-site-scripting-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:22 Oct, 2025 | 15:15
Updated At:20 Jan, 2026 | 15:16

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetEngine jet-engine allows Stored XSS.This issue affects JetEngine: from n/a through <= 3.7.3.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-79Secondaryaudit@patchstack.com
CWE ID: CWE-79
Type: Secondary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/Wordpress/Plugin/jet-engine/vulnerability/wordpress-jetengine-plugin-3-7-3-cross-site-scripting-xss-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/jet-engine/vulnerability/wordpress-jetengine-plugin-3-7-3-cross-site-scripting-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2534Records found
CVE-2026-24354
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.46%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-27 Jan, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Penci Shortcodes & Performance plugin <= 6.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Shortcodes & Performance penci-shortcodes allows DOM-Based XSS.This issue affects Penci Shortcodes & Performance: from n/a through <= 6.1.

Action-Not Available
Vendor-PenciDesign
Product-Penci Shortcodes & Performance
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-22463
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.46%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-27 Jan, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Form to Chat App plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Micro.company Form to Chat App form-to-chat allows Stored XSS.This issue affects Form to Chat App: from n/a through <= 1.2.5.

Action-Not Available
Vendor-Micro.company
Product-Form to Chat App
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-62984
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.76%
||
7 Day CHG+0.02%
Published-27 Oct, 2025 | 01:34
Updated-04 Mar, 2026 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP AdCenter plugin <= 2.6.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPeka WP AdCenter wpadcenter allows Stored XSS.This issue affects WP AdCenter: from n/a through <= 2.6.1.

Action-Not Available
Vendor-WPeka
Product-WP AdCenter
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-24383
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.46%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-27 Jan, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress B Slider plugin <= 2.0.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Slider b-slider allows DOM-Based XSS.This issue affects B Slider: from n/a through <= 2.0.6.

Action-Not Available
Vendor-bPlugins
Product-B Slider
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-22518
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.46%
||
7 Day CHG~0.00%
Published-08 Jan, 2026 | 16:21
Updated-08 Jan, 2026 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress X Addons for Elementor plugin <= 1.0.23 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pencilwp X Addons for Elementor allows DOM-Based XSS.This issue affects X Addons for Elementor: from n/a through 1.0.23.

Action-Not Available
Vendor-pencilwp
Product-X Addons for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-22717
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 26.83%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 11:09
Updated-09 Jan, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FormCraft Plugin <= 1.2.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in nCrafts FormCraft plugin <= 1.2.6 versions.

Action-Not Available
Vendor-ncraftsnCrafts
Product-formcraftFormCraft
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-22519
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.46%
||
7 Day CHG~0.00%
Published-08 Jan, 2026 | 16:19
Updated-08 Jan, 2026 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MediaPress plugin <= 1.6.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev MediaPress allows Stored XSS.This issue affects MediaPress: from n/a through 1.6.2.

Action-Not Available
Vendor-BuddyDev
Product-MediaPress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-24389
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.46%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-26 Jan, 2026 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gallery PhotoBlocks plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Gallery PhotoBlocks photoblocks-grid-gallery allows DOM-Based XSS.This issue affects Gallery PhotoBlocks: from n/a through <= 1.3.2.

Action-Not Available
Vendor-WP Chill
Product-Gallery PhotoBlocks
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-22720
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 26.83%
||
7 Day CHG~0.00%
Published-11 May, 2023 | 14:31
Updated-19 Feb, 2025 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Links Page Plugin <= 4.9.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Robert Macchi WP Links Page plugin <= 4.9.3 versions.

Action-Not Available
Vendor-wp_links_page_projectRobert Macchi
Product-wp_links_pageWP Links Page
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-22702
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 28.85%
||
7 Day CHG~0.00%
Published-23 Mar, 2023 | 14:42
Updated-25 Feb, 2025 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPMobile.App — Android and iOS Mobile Application Plugin <= 11.13 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WPMobile.App WPMobile.App — Android and iOS Mobile Application plugin <= 11.13 versions.

Action-Not Available
Vendor-amauriWPMobile.App
Product-wpmobile.appWPMobile.App — Android and iOS Mobile Application
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-22353
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.46%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-27 Jan, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress teachPress plugin <= 9.0.12 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in winkm89 teachPress teachpress allows Stored XSS.This issue affects teachPress: from n/a through <= 9.0.12.

Action-Not Available
Vendor-winkm89
Product-teachPress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-22347
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.46%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-27 Jan, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Carousel Horizontal Posts Content Slider plugin <= 3.3.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in subhansanjaya Carousel Horizontal Posts Content Slider carousel-horizontal-posts-content-slider allows DOM-Based XSS.This issue affects Carousel Horizontal Posts Content Slider: from n/a through <= 3.3.2.

Action-Not Available
Vendor-subhansanjaya
Product-Carousel Horizontal Posts Content Slider
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-32237
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.35%
||
7 Day CHG~0.00%
Published-26 Mar, 2024 | 08:53
Updated-06 Aug, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Auth. Stored Cross-Site Scripting (XSS) vulnerability in TheGem theme by CodexThemes

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery) allows Stored XSS.This issue affects TheGem (Elementor): from n/a before 5.8.1.1; TheGem (WPBakery): from n/a before 5.8.1.1.

Action-Not Available
Vendor-CodexThemes
Product-TheGem (Elementor)TheGem (WPBakery)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47631
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.35%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 13:11
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Logo Carousel – Clients logo carousel for WP plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bPlugins LLC Logo Carousel – Clients logo carousel for WP allows Stored XSS.This issue affects Logo Carousel – Clients logo carousel for WP: from n/a through 1.2.

Action-Not Available
Vendor-bPlugins LLC
Product-Logo Carousel – Clients logo carousel for WP
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-22698
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.03%
||
7 Day CHG~0.00%
Published-23 Apr, 2023 | 09:32
Updated-02 Aug, 2024 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Theme Blvd Responsive Google Maps Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jason Bobich Theme Blvd Responsive Google Maps plugin <= 1.0.2 versions.

Action-Not Available
Vendor-theme_blvd_responsive_google_maps_projectJason Bobich
Product-theme_blvd_responsive_google_mapsTheme Blvd Responsive Google Maps
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-48036
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.81%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 12:21
Updated-10 Jul, 2025 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SKT Blocks plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Blocks – Gutenberg based Page Builder allows Stored XSS.This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 1.6.

Action-Not Available
Vendor-Sonl Sinha (SKT Web Themes LLC)
Product-skt_blocksSKT Blocks – Gutenberg based Page Builder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47626
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.35%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 13:31
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RomethemeKit For Elementor plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rometheme RomethemeKit For Elementor allows Stored XSS.This issue affects RomethemeKit For Elementor: from n/a through 1.5.0.

Action-Not Available
Vendor-Rometheme
Product-RomethemeKit For Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-48120
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.03% / 77.16%
||
7 Day CHG~0.00%
Published-14 Oct, 2024 | 00:00
Updated-29 Oct, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module. An attacker can inject malicious JavaScript code into the "Name" field when creating a list.

Action-Not Available
Vendor-x2enginen/ax2engine
Product-x2crmn/ax2crm
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47632
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.43%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 13:10
Updated-13 Mar, 2025 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DethemeKit For Elementor plugin <= 2.1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in deTheme DethemeKit For Elementor allows Stored XSS.This issue affects DethemeKit For Elementor: from n/a through 2.1.7.

Action-Not Available
Vendor-dethemedeTheme
Product-dethemekit_for_elementorDethemeKit For Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47630
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.26%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 13:20
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ElementInvader Addons for Elementor plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.7.

Action-Not Available
Vendor-ElementInvader
Product-ElementInvader Addons for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-22721
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.71%
||
7 Day CHG~0.00%
Published-23 Jan, 2023 | 17:50
Updated-07 Nov, 2023 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Oi Yandex.Maps for WordPress Plugin <= 3.2.7 is vulnerable to Cross Site Scripting (XSS)

Auth. Stored Cross-Site Scripting (XSS) in Oi Yandex.Maps for WordPress <= 3.2.7 versions.

Action-Not Available
Vendor-oi_yandex.maps_projectAlexei Isaenko
Product-oi_yandex.mapsOi Yandex.Maps for WordPress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47625
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.43%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 13:32
Updated-22 Jan, 2025 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Enter Addons – Ultimate Template Builder for Elementor plugin <= 2.1.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeLooks Enter Addons allows Stored XSS.This issue affects Enter Addons: from n/a through 2.1.8.

Action-Not Available
Vendor-themelooksThemeLooks
Product-enter_addonsEnter Addons
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47639
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.35%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 13:01
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress VdoCipher plugin <= 1.29 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VdoCipher allows Stored XSS.This issue affects VdoCipher: from n/a through 1.29.

Action-Not Available
Vendor-VdoCipher
Product-VdoCipher
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47628
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.35%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 13:23
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.9.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LA-Studio LA-Studio Element Kit for Elementor allows Stored XSS.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.9.3.

Action-Not Available
Vendor-LA-Studio
Product-LA-Studio Element Kit for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47642
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.35%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 12:59
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Keap Official Opt-in Forms plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Keap Keap Official Opt-in Forms allows Stored XSS.This issue affects Keap Official Opt-in Forms: from n/a through 2.0.1.

Action-Not Available
Vendor-Keap
Product-Keap Official Opt-in Forms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47622
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.35%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 14:36
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Woo Labels plugin <= 2.01 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ILLID Advanced Woo Labels allows Stored XSS.This issue affects Advanced Woo Labels: from n/a through 2.01.

Action-Not Available
Vendor-ILLID
Product-Advanced Woo Labels
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47641
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.71%
||
7 Day CHG~0.00%
Published-30 Sep, 2024 | 12:21
Updated-04 Oct, 2024 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Confetti Fall Animation plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloperr Confetti Fall Animation allows Stored XSS.This issue affects Confetti Fall Animation: from n/a through 1.3.0.

Action-Not Available
Vendor-WPDeveloperr
Product-Confetti Fall Animation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47627
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.35%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 13:30
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Travel Gutenberg Blocks plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Stored XSS.This issue affects WP Travel Gutenberg Blocks: from n/a through 3.6.0.

Action-Not Available
Vendor-WP Travel
Product-WP Travel Gutenberg Blocks
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-48041
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 54.88%
||
7 Day CHG+0.08%
Published-11 Oct, 2024 | 18:27
Updated-15 Oct, 2024 | 12:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CM Tooltip Glossary plugin <= 4.3.9 - Stored Cross-Site Scripting vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Tooltip Glossary allows Stored XSS.This issue affects CM Tooltip Glossary: from n/a through 4.3.9.

Action-Not Available
Vendor-CreativeMindsSolutions
Product-CM Tooltip Glossary
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-48025
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 30.22%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 12:23
Updated-18 Oct, 2024 | 12:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Baseball Scoreboard plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in DOGROW.NET Simple Baseball Scoreboard allows Stored XSS.This issue affects Simple Baseball Scoreboard: from n/a through 1.3.

Action-Not Available
Vendor-DOGROW.NET
Product-Simple Baseball Scoreboard
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-48743
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.53% / 81.12%
||
7 Day CHG~0.00%
Published-25 Oct, 2024 | 00:00
Updated-01 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Scripting vulnerability in Sentry v.6.0.9 allows a remote attacker to execute arbitrary code via the z parameter.

Action-Not Available
Vendor-telestreamn/atektronix
Product-sentryn/asentry
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47633
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.35%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 13:08
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Zoho forms plugin <= 4.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zoho Forms allows Stored XSS.This issue affects Zoho Forms: from n/a through 4.0.

Action-Not Available
Vendor-Zoho Corporation Pvt. Ltd.
Product-Zoho Forms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-43263
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.35%
||
7 Day CHG~0.00%
Published-18 Aug, 2024 | 21:21
Updated-19 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Visual Composer Starter theme <= 3.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Visual Composer Visual Composer Starter allows Stored XSS.This issue affects Visual Composer Starter: from n/a through 3.3.

Action-Not Available
Vendor-Visual Composer
Product-Visual Composer Starter
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-25453
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 9.54%
||
7 Day CHG~0.00%
Published-19 Feb, 2026 | 08:27
Updated-20 Feb, 2026 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced iFrame plugin <= 2025.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mdempfle Advanced iFrame advanced-iframe allows DOM-Based XSS.This issue affects Advanced iFrame: from n/a through <= 2025.10.

Action-Not Available
Vendor-mdempfle
Product-Advanced iFrame
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-46976
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 40.12%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 20:12
Updated-03 Jan, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Circumvention of cross site scripting Protection in @backstage/plugin-techdocs-backend

Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attacker provided link. This has been fixed in the 1.10.13 release of the `@backstage/plugin-techdocs-backend` package. users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-backstageThe Linux Foundation
Product-backstagebackstage
CWE ID-CWE-693
Protection Mechanism Failure
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47391
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.43%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 14:44
Updated-07 Jan, 2025 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bold Page Builder plugin < 5.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a before 5.1.1.

Action-Not Available
Vendor-BoldThemes
Product-bold_page_builderBold Page Builder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47382
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.35%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 14:56
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Page-list plugin <= 5.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webvitaly Page-list allows Stored XSS.This issue affects Page-list: from n/a through 5.6.

Action-Not Available
Vendor-Webvitaly
Product-Page-list
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47298
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 35.38%
||
7 Day CHG+0.04%
Published-06 Oct, 2024 | 11:44
Updated-07 Jan, 2025 | 13:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bold Page Builder plugin <= 5.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through 5.1.1.

Action-Not Available
Vendor-BoldThemes
Product-bold_page_builderBold Page Builder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-25432
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 9.54%
||
7 Day CHG~0.00%
Published-19 Feb, 2026 | 08:27
Updated-19 Feb, 2026 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Omnipress plugin <= 1.6.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in omnipressteam Omnipress omnipress allows Stored XSS.This issue affects Omnipress: from n/a through <= 1.6.7.

Action-Not Available
Vendor-omnipressteam
Product-Omnipress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47310
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.35%
||
7 Day CHG+0.04%
Published-06 Oct, 2024 | 11:29
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ARI Fancy Lightbox - Popup for WordPress plugin <= 1.3.17 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ARI Soft ARI Fancy Lightbox allows Stored XSS.This issue affects ARI Fancy Lightbox: from n/a through 1.3.17.

Action-Not Available
Vendor-ARI Soft
Product-ARI Fancy Lightbox
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47375
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.35%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 15:14
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress XLTab – Accordions and Tabs for Elementor Page Builder plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ashraf XLTab – Accordions and Tabs for Elementor Page Builder allows Stored XSS.This issue affects XLTab – Accordions and Tabs for Elementor Page Builder: from n/a through 1.3.

Action-Not Available
Vendor-Ashraf
Product-XLTab – Accordions and Tabs for Elementor Page Builder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47363
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.35%
||
7 Day CHG+0.04%
Published-06 Oct, 2024 | 09:49
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Blockspare plugin <= 3.2.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Blockspare allows Stored XSS.This issue affects Blockspare: from n/a through 3.2.4.

Action-Not Available
Vendor-Blockspare
Product-Blockspare
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47390
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.43%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 14:45
Updated-22 Jan, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Jeg Elementor Kit plugin <= 2.6.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegtheme Jeg Elementor Kit allows Stored XSS.This issue affects Jeg Elementor Kit: from n/a through 2.6.8.

Action-Not Available
Vendor-jegthemeJegtheme
Product-jeg_elementor_kitJeg Elementor Kit
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-22696
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 26.83%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 08:10
Updated-09 Jan, 2025 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Affiliate Links Lite Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Custom4Web Affiliate Links Lite plugin <= 2.5 versions.

Action-Not Available
Vendor-custom4webCustom4Web
Product-affiliate_links_liteAffiliate Links Lite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47355
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.35%
||
7 Day CHG+0.04%
Published-06 Oct, 2024 | 10:19
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cozy Blocks plugin <= 2.0.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CozyThemes Cozy Blocks allows Stored XSS.This issue affects Cozy Blocks: from n/a through 2.0.11.

Action-Not Available
Vendor-CozyThemes
Product-Cozy Blocks
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47385
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.43%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 14:51
Updated-11 Apr, 2025 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Essential Blocks plugin <= 4.8.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Stored XSS.This issue affects Essential Blocks for Gutenberg: from n/a through 4.8.4.

Action-Not Available
Vendor-WPDeveloper
Product-essential_blocksEssential Blocks for Gutenberg
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47393
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.35%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 14:41
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Quill Forms plugin <= 3.7.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Quillforms Quill Forms allows Stored XSS.This issue affects Quill Forms: from n/a through 3.7.0.

Action-Not Available
Vendor-Quillforms
Product-Quill Forms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-22711
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 26.83%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 07:47
Updated-09 Jan, 2025 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress IMPress Listings Plugin <= 2.6.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Agent Evolution IMPress Listings plugin <= 2.6.2 versions.

Action-Not Available
Vendor-Agent Evolution
Product-impress_listingsIMPress Listings
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47364
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.43%
||
7 Day CHG+0.04%
Published-06 Oct, 2024 | 09:48
Updated-22 Jan, 2025 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Move Addons for Elementor plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Move addons Move Addons for Elementor allows Stored XSS.This issue affects Move Addons for Elementor: from n/a through 1.3.4.

Action-Not Available
Vendor-moveaddonsMove addons
Product-move_addons_for_elementorMove Addons for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47340
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.35%
||
7 Day CHG+0.04%
Published-06 Oct, 2024 | 10:51
Updated-07 Oct, 2024 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ComboBlocks plugin <= 2.2.89 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Stored XSS.This issue affects Post Grid and Gutenberg Blocks: from n/a through 2.2.89.

Action-Not Available
Vendor-PickPlugins
Product-Post Grid and Gutenberg Blocks
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 50
  • 51
  • Next
Details not found