Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-52749

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-22 Oct, 2025 | 14:32
Updated At-20 Jan, 2026 | 14:28
Rejected At-
Credits

WordPress Uji Countdown plugin <= 2.3.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Activity Track Uji Countdown uji-countdown allows Reflected XSS.This issue affects Uji Countdown: from n/a through <= 2.3.3.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:22 Oct, 2025 | 14:32
Updated At:20 Jan, 2026 | 14:28
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Uji Countdown plugin <= 2.3.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Activity Track Uji Countdown uji-countdown allows Reflected XSS.This issue affects Uji Countdown: from n/a through <= 2.3.3.

Affected Products
Vendor
Activity Track
Product
Uji Countdown
Collection URL
https://wordpress.org/plugins
Package Name
uji-countdown
Default Status
unaffected
Versions
Affected
  • From n/a through <= 2.3.3 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-591Reflected XSS
CAPEC ID: CAPEC-591
Description: Reflected XSS
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Nguyen Xuan Chien (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/Wordpress/Plugin/uji-countdown/vulnerability/wordpress-uji-countdown-plugin-2-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/uji-countdown/vulnerability/wordpress-uji-countdown-plugin-2-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:22 Oct, 2025 | 15:15
Updated At:20 Jan, 2026 | 15:16

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Activity Track Uji Countdown uji-countdown allows Reflected XSS.This issue affects Uji Countdown: from n/a through <= 2.3.3.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-79Secondaryaudit@patchstack.com
CWE ID: CWE-79
Type: Secondary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/Wordpress/Plugin/uji-countdown/vulnerability/wordpress-uji-countdown-plugin-2-3-3-cross-site-scripting-xss-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/uji-countdown/vulnerability/wordpress-uji-countdown-plugin-2-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2265Records found
CVE-2024-32563
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.27% / 50.44%
||
7 Day CHG~0.00%
Published-18 Apr, 2024 | 09:57
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VikBooking Hotel Booking Engine & PMS allows Reflected XSS.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.6.7.

Action-Not Available
Vendor-VikBooking Hotel Booking Engine & PMSvikbooking
Product-VikBooking Hotel Booking Engine & PMShotel_booking_engine
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-32543
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 41.22%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 08:26
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MJ Update History plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Minoji MJ Update History allows Reflected XSS.This issue affects MJ Update History: from n/a through 1.0.4.

Action-Not Available
Vendor-Minojiminoji
Product-MJ Update Historymj_update_history
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-32950
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.15% / 35.65%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 08:25
Updated-02 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Media Category Management plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeBAAT WP Media Category Management allows Reflected XSS.This issue affects WP Media Category Management: from n/a through 2.2.

Action-Not Available
Vendor-DeBAAT
Product-WP Media Category Management
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-32585
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.17% / 38.04%
||
7 Day CHG~0.00%
Published-18 Apr, 2024 | 09:12
Updated-08 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Import Content in WordPress & WooCommerce with Excel plugin <= 4.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendWP Import Content in WordPress & WooCommerce with Excel allows Reflected XSS.This issue affects Import Content in WordPress & WooCommerce with Excel: from n/a through 4.2.

Action-Not Available
Vendor-extendWP
Product-Import Content in WordPress & WooCommerce with Excel
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-32588
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-1.14% / 78.07%
||
7 Day CHG~0.00%
Published-18 Apr, 2024 | 08:48
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LearnPress Export Import plugin <= 4.0.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress Export Import allows Reflected XSS.This issue affects LearnPress Export Import: from n/a through 4.0.3.

Action-Not Available
Vendor-ThimPress (PhysCode)
Product-LearnPress Export Importlearnpress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-32695
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.17% / 38.04%
||
7 Day CHG~0.00%
Published-22 Apr, 2024 | 07:49
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Language Switcher for Transposh plugin <= 1.5.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marco Gasi Language Switcher for Transposh allows Reflected XSS.This issue affects Language Switcher for Transposh: from n/a through 1.5.9.

Action-Not Available
Vendor-Marco GasiWordPress.org
Product-Language Switcher for Transposhlanguage_switcher_for_transposh
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-32574
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.30% / 53.30%
||
7 Day CHG~0.00%
Published-18 Apr, 2024 | 09:36
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Simple HTML Sitemap plugin <= 2.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashish Ajani WP Simple HTML Sitemap allows Reflected XSS.This issue affects WP Simple HTML Sitemap: from n/a through 2.8.

Action-Not Available
Vendor-Ashish Ajani
Product-WP Simple HTML Sitemap
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-32578
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-1.36% / 79.91%
||
7 Day CHG~0.00%
Published-18 Apr, 2024 | 09:30
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sliderby10Web plugin <= 1.2.54 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Slider by 10Web allows Reflected XSS.This issue affects Slider by 10Web: from n/a through 1.2.54.

Action-Not Available
Vendor-10Web (TenWeb, Inc.)
Product-Slider by 10Web
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33633
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.18% / 39.94%
||
7 Day CHG~0.00%
Published-29 Apr, 2024 | 05:06
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Reflected XSS.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17.

Action-Not Available
Vendor-Piotnetpiotnet
Product-Piotnet Addons For Elementor Propiotnet_forms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-32542
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.17% / 38.04%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 08:27
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bulk Block Converter plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Organic Themes Bulk Block Converter allows Reflected XSS.This issue affects Bulk Block Converter: from n/a through 1.0.1.

Action-Not Available
Vendor-Organic Themes
Product-Bulk Block Converter
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-32570
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 40.14%
||
7 Day CHG~0.00%
Published-18 Apr, 2024 | 09:46
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cornerstone plugin <= 0.8.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Archetyped Cornerstone allows Reflected XSS.This issue affects Cornerstone: from n/a through 0.8.0.

Action-Not Available
Vendor-Archetyped
Product-Cornerstone
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33562
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.32% / 54.62%
||
7 Day CHG~0.00%
Published-29 Apr, 2024 | 05:14
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress XStore theme <= 9.3.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore allows Reflected XSS.This issue affects XStore: from n/a through 9.3.5.

Action-Not Available
Vendor-8theme8theme
Product-XStorexstore
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-32568
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-1.12% / 77.97%
||
7 Day CHG~0.00%
Published-18 Apr, 2024 | 09:49
Updated-09 Jul, 2025 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP 2FA plugin <= 2.6.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP 2FA allows Reflected XSS.This issue affects WP 2FA: from n/a through 2.6.2.

Action-Not Available
Vendor-melapressMelapress
Product-wp_2faWP 2FA
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-32510
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.20% / 41.47%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 09:50
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Cost Estimation & Payment Forms Builder plugin <= 10.1.75 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Loopus WP Cost Estimation & Payment Forms Builder allows Reflected XSS.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.75.

Action-Not Available
Vendor-Loopus
Product-WP Cost Estimation & Payment Forms Builder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-32595
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.27% / 50.44%
||
7 Day CHG~0.00%
Published-18 Apr, 2024 | 08:32
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Helper Premium plugin < 4.6.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mat Bao Corp WP Helper Premium allows Reflected XSS.This issue affects WP Helper Premium: from n/a before 4.6.0.

Action-Not Available
Vendor-Mat Bao Corp
Product-WP Helper Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-32541
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.17% / 38.04%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 08:29
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP-Cufon plugin <= 1.6.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tobias Battenberg WP-Cufon allows Stored XSS.This issue affects WP-Cufon: from n/a through 1.6.10.

Action-Not Available
Vendor-Tobias Battenbergtobias_battenberg
Product-WP-Cufonwp_cufon
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33526
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.13% / 32.80%
||
7 Day CHG~0.00%
Published-21 May, 2024 | 14:52
Updated-04 Jun, 2025 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stored Cross-site Scripting (XSS) vulnerability in the "Import of user role and title of user role" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload.

Action-Not Available
Vendor-iliasn/ailias
Product-iliasn/ailias
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33465
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.07% / 22.07%
||
7 Day CHG~0.00%
Published-30 Apr, 2024 | 00:00
Updated-02 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allows an attacker to escalate privileges via the the thumb/thumb.php component.

Action-Not Available
Vendor-n/amjdm
Product-n/amajordomo
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-32531
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 40.14%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 09:31
Updated-12 Jan, 2026 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GuCherry Blog theme <= 1.1.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Everest themes GuCherry Blog allows Reflected XSS.This issue affects GuCherry Blog: from n/a through 1.1.8.

Action-Not Available
Vendor-everestthemesEverest themes
Product-gucherry_blogGuCherry Blog
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-31112
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.42%
||
7 Day CHG~0.00%
Published-31 Mar, 2024 | 18:56
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Convert Post Types plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stephanie Leary Convert Post Types allows Reflected XSS.This issue affects Convert Post Types: from n/a through 1.4.

Action-Not Available
Vendor-Stephanie Leary
Product-Convert Post Types
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-31091
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 25.17%
||
7 Day CHG~0.00%
Published-31 Mar, 2024 | 19:25
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Field Bulk Editor plugin <= 1.9.1 - Cross Site Scripting vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SparkWeb Interactive, Inc. Custom Field Bulk Editor allows Reflected XSS.This issue affects Custom Field Bulk Editor: from n/a through 1.9.1.

Action-Not Available
Vendor-SparkWeb Interactive, Inc.
Product-Custom Field Bulk Editor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-31090
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.42%
||
7 Day CHG~0.00%
Published-31 Mar, 2024 | 19:27
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hacklog Down As PDF plugin <= 2.3.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 荒野无灯 Hacklog Down As PDF allows Reflected XSS.This issue affects Hacklog Down As PDF: from n/a through 2.3.6.

Action-Not Available
Vendor-荒野无灯
Product-Hacklog Down As PDF
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-31106
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.52%
||
7 Day CHG~0.00%
Published-31 Mar, 2024 | 19:06
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Yoo Slider – Image Slider & Video Slider plugin <= 2.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yooslider Yoo Slider allows Reflected XSS.This issue affects Yoo Slider: from n/a through 2.1.1.

Action-Not Available
Vendor-Yooslider
Product-Yoo Slider
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-31092
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 26.72%
||
7 Day CHG~0.00%
Published-31 Mar, 2024 | 19:20
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Comic Easel plugin <= 1.15 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Philip M. Hofer (Frumph) Comic Easel allows Reflected XSS.This issue affects Comic Easel: from n/a through 1.15.

Action-Not Available
Vendor-Philip M. Hofer (Frumph)
Product-Comic Easel
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-32409
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-2.11% / 83.83%
||
7 Day CHG~0.00%
Published-19 Apr, 2024 | 00:00
Updated-04 Apr, 2025 | 13:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script.

Action-Not Available
Vendor-sem-cmsn/asem-cms
Product-semcmsn/asemcms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-52465
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 34.63%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:49
Updated-02 Dec, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LGPD Framework plugin <= 2.0.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 LGPD Framework allows Reflected XSS.This issue affects LGPD Framework: from n/a through 2.0.2.

Action-Not Available
Vendor-Data443
Product-LGPD Framework
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-31097
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.10% / 26.72%
||
7 Day CHG~0.00%
Published-31 Mar, 2024 | 19:18
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SEO Title Tag plugin <= 3.5.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stephan Spencer SEO Title Tag allows Reflected XSS.This issue affects SEO Title Tag: from n/a through 3.5.9.

Action-Not Available
Vendor-Stephan Spencer
Product-SEO Title Tag
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-32133
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 41.07%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 07:07
Updated-02 Apr, 2025 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EZ Form Calculator plugin <= 2.14.0.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Schuppenies EZ Form Calculator allows Reflected XSS.This issue affects EZ Form Calculator: from n/a through 2.14.0.3.

Action-Not Available
Vendor-ezpluginsMichael Schuppenies
Product-ez_form_calculatorEZ Form Calculator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-3111
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.14% / 34.27%
||
7 Day CHG~0.00%
Published-27 Jun, 2024 | 06:00
Updated-01 Aug, 2024 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
H5P < 1.15.8 - Contributor+ Stored XSS

The Interactive Content WordPress plugin before 1.15.8 does not validate uploads which could allow a Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting issues

Action-Not Available
Vendor-h5pUnknownh5p
Product-h5pInteractive Content h5p
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-32145
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.21% / 43.38%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 07:03
Updated-02 Apr, 2025 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Google Analytics Events – No-Code Custom Event Tracking for Google Analytics plugin <= 2.8.0 - Reflected Cross-Site Scripting vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PineWise WP Google Analytics Events allows Reflected XSS.This issue affects WP Google Analytics Events: from n/a through 2.8.0.

Action-Not Available
Vendor-wpgoaltrackerPineWise
Product-wp_google_analytics_eventsWP Google Analytics Events
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-31256
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.15% / 35.65%
||
7 Day CHG~0.00%
Published-07 Apr, 2024 | 17:48
Updated-22 Aug, 2024 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WebinarPress plugin <= 1.33.10 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebinarPress allows Reflected XSS.This issue affects WebinarPress: from n/a through 1.33.10.

Action-Not Available
Vendor-WebinarPress
Product-WebinarPress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-32138
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.18% / 39.69%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 07:05
Updated-02 Apr, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Short URL plugin <= 1.6.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders Short URL allows Reflected XSS.This issue affects Short URL: from n/a through 1.6.8.

Action-Not Available
Vendor-kaizencodersKaizenCoders
Product-short_urlShort URL
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-52466
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 20.03%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:49
Updated-02 Dec, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Explara Events plugin <= 0.1.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Explara Explara Events allows Reflected XSS.This issue affects Explara Events: from n/a through 0.1.3.

Action-Not Available
Vendor-Explara
Product-Explara Events
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-31609
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.07% / 20.86%
||
7 Day CHG~0.00%
Published-25 Apr, 2024 | 00:00
Updated-18 Apr, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 allows attackers to run arbitrary code via the header code and footer code fields in code configuration.

Action-Not Available
Vendor-bosscmsn/aSource Code & Projects
Product-bosscmsn/asimple_school_management_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-31103
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 25.84%
||
7 Day CHG~0.00%
Published-31 Mar, 2024 | 19:10
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Kanban Boards for WordPress plugin <= 2.5.21 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kanban for WordPress Kanban Boards for WordPress allows Reflected XSS.This issue affects Kanban Boards for WordPress: from n/a through 2.5.21.

Action-Not Available
Vendor-Kanban for WordPress
Product-Kanban Boards for WordPress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-32149
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.23% / 45.67%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 06:31
Updated-02 Aug, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Jobs for WordPress plugin <= 2.7.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlueGlass Jobs for WordPress allows Reflected XSS.This issue affects Jobs for WordPress: from n/a through 2.7.5.

Action-Not Available
Vendor-BlueGlass
Product-Jobs for WordPress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-31110
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.42%
||
7 Day CHG~0.00%
Published-31 Mar, 2024 | 18:57
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Form 7 Newsletter plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Katz Web Services, Inc. Contact Form 7 Newsletter allows Reflected XSS.This issue affects Contact Form 7 Newsletter: from n/a through 2.2.

Action-Not Available
Vendor-Katz Web Services, Inc.
Product-Contact Form 7 Newsletter
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-31123
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.42%
||
7 Day CHG~0.00%
Published-31 Mar, 2024 | 18:42
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SpiderFAQ plugin <= 1.3.2 - Cross Site Scripting vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebDorado SpiderFAQ allows Reflected XSS.This issue affects SpiderFAQ: from n/a through 1.3.2.

Action-Not Available
Vendor-WebDorado
Product-SpiderFAQ
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-31107
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.12% / 30.52%
||
7 Day CHG~0.00%
Published-31 Mar, 2024 | 19:02
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress OpenID plugin <= 3.6.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DiSo Development Team OpenID allows Reflected XSS.This issue affects OpenID: from n/a through 3.6.1.

Action-Not Available
Vendor-DiSo Development Team
Product-OpenID
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-52456
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 34.63%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:49
Updated-02 Dec, 2024 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Awesome Studio plugin <= 2.4.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPoets Awesome Studio allows Reflected XSS.This issue affects Awesome Studio: from n/a through 2.4.4.

Action-Not Available
Vendor-WPoets
Product-Awesome Studio
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-52454
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 34.63%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 13:49
Updated-02 Dec, 2024 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GoQMieruca plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoQSystem Inc. GoQMieruca allows Reflected XSS.This issue affects GoQMieruca: from n/a through 1.0.0.

Action-Not Available
Vendor-GoQSystem Inc.
Product-GoQMieruca
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-31255
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.42%
||
7 Day CHG~0.00%
Published-07 Apr, 2024 | 17:51
Updated-08 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ELEX WooCommerce Dynamic Pricing and Discounts plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts allows Reflected XSS.This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2.

Action-Not Available
Vendor-ELEXtensions
Product-ELEX WooCommerce Dynamic Pricing and Discounts
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-30201
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.35% / 56.86%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 06:13
Updated-08 Jan, 2026 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Smart Import plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WordPress Importer allows Reflected XSS.This issue affects WordPress Importer: from n/a through 1.0.4.

Action-Not Available
Vendor-xylusthemesXylus Themes
Product-wp_smart_importWordPress Importer
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-30561
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.15% / 35.65%
||
7 Day CHG~0.00%
Published-31 Mar, 2024 | 19:38
Updated-02 Aug, 2024 | 01:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Appointment Calendar plugin <= 2.9.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scientech It Solution Appointment Calendar allows Reflected XSS.This issue affects Appointment Calendar: from n/a through 2.9.6.

Action-Not Available
Vendor-Scientech It Solution
Product-Appointment Calendar
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-30447
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 34.45%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 16:51
Updated-02 Aug, 2024 | 01:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Creative Image Slider plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative Solutions Creative Image Slider – Responsive Slider Plugin allows Reflected XSS.This issue affects Creative Image Slider – Responsive Slider Plugin: from n/a through 2.1.3.

Action-Not Available
Vendor-Creative Solutions
Product-Creative Image Slider – Responsive Slider Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-30884
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.37% / 58.48%
||
7 Day CHG~0.00%
Published-11 Apr, 2024 | 00:00
Updated-17 Jun, 2025 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Reflected Cross-Site Scripting (XSS) vulnerability in Discuz! version X3.4 20220811, allows remote attackers to execute arbitrary code and obtain sensitive information via crafted payload to the primarybegin parameter in the misc.php component.

Action-Not Available
Vendor-discuzn/acodersclub
Product-discuzxn/adiscuz\!ml
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-29918
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.29% / 52.27%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 07:10
Updated-11 Apr, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Survey Maker plugin <= 4.0.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Reflected XSS.This issue affects Survey Maker: from n/a through 4.0.6.

Action-Not Available
Vendor-AYS Pro Extensions
Product-survey_makerSurvey Maker
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-30550
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.11% / 30.16%
||
7 Day CHG~0.00%
Published-31 Mar, 2024 | 19:57
Updated-10 Apr, 2025 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Reflected XSS.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.

Action-Not Available
Vendor-WpDevArt
Product-galleryResponsive Image Gallery, Gallery Album
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-30196
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.14% / 34.45%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 06:37
Updated-02 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Social Share Buttons plugin <= 9.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Appscreo Easy Social Share Buttons allows Reflected XSS.This issue affects Easy Social Share Buttons: from n/a through 9.4.

Action-Not Available
Vendor-Appscreo
Product-Easy Social Share Buttons
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-29924
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.21% / 43.79%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 07:23
Updated-02 Aug, 2024 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Premium Packages plugin <= 5.8.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in W3 Eden, Inc. Premium Packages allows Reflected XSS.This issue affects Premium Packages: from n/a through 5.8.2.

Action-Not Available
Vendor-W3 Eden, Inc.
Product-Premium Packages
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • ...
  • 7
  • 8
  • 9
  • ...
  • 45
  • 46
  • Next
Details not found