Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-53220

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-28 Aug, 2025 | 12:37
Updated At-28 Aug, 2025 | 15:13
Rejected At-
Credits

WordPress XmasB Quotes Plugin <= 1.6.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XmasB XmasB Quotes allows Reflected XSS. This issue affects XmasB Quotes: from n/a through 1.6.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:28 Aug, 2025 | 12:37
Updated At:28 Aug, 2025 | 15:13
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress XmasB Quotes Plugin <= 1.6.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XmasB XmasB Quotes allows Reflected XSS. This issue affects XmasB Quotes: from n/a through 1.6.1.

Affected Products
Vendor
XmasB
Product
XmasB Quotes
Collection URL
https://wordpress.org/plugins
Package Name
xmasb-quotes
Default Status
unaffected
Versions
Affected
  • From n/a through 1.6.1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-591CAPEC-591 Reflected XSS
CAPEC ID: CAPEC-591
Description: CAPEC-591 Reflected XSS
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Skalucy (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/xmasb-quotes/vulnerability/wordpress-xmasb-quotes-plugin-1-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/plugin/xmasb-quotes/vulnerability/wordpress-xmasb-quotes-plugin-1-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:28 Aug, 2025 | 13:16
Updated At:29 Aug, 2025 | 16:24

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XmasB XmasB Quotes allows Reflected XSS. This issue affects XmasB Quotes: from n/a through 1.6.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-79Primaryaudit@patchstack.com
CWE ID: CWE-79
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/plugin/xmasb-quotes/vulnerability/wordpress-xmasb-quotes-plugin-1-6-1-cross-site-scripting-xss-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/wordpress/plugin/xmasb-quotes/vulnerability/wordpress-xmasb-quotes-plugin-1-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2021Records found
CVE-2024-13863
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.03% / 8.57%
||
7 Day CHG~0.00%
Published-25 Mar, 2025 | 06:00
Updated-29 Apr, 2025 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stylish Google Sheet Reader < 4.1 - Reflected XSS

The Stylish Google Sheet Reader 4.0 WordPress plugin before 4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Action-Not Available
Vendor-wppluginboxUnknown
Product-stylish_google_sheet_readerStylish Google Sheet Reader 4.0
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13668
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.56%
||
7 Day CHG~0.00%
Published-07 Mar, 2025 | 09:49
Updated-21 May, 2025 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Activity O Meter <= 1 - Reflected XSS

The WordPress Activity O Meter WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admins.

Action-Not Available
Vendor-erwinwolffUnknown
Product-wordpress_activity-o-meterWordPress Activity O Meter
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13626
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.75%
||
7 Day CHG~0.00%
Published-17 Feb, 2025 | 06:00
Updated-23 May, 2025 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
VR Frases <= 3.0.1 - Reflected XSS

The VR-Frases (collect & share quotes) WordPress plugin through 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-vruizUnknown
Product-vr-frasesVR-Frases (collect & share quotes)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-8281
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.04% / 11.67%
||
7 Day CHG+0.02%
Published-22 Aug, 2025 | 06:00
Updated-22 Aug, 2025 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Talroo <= 2.4 - Reflected XSS

The WP Talroo WordPress plugin through 2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin and unauthenticated users.

Action-Not Available
Vendor-Unknown
Product-WP Talroo
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13875
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.56%
||
7 Day CHG+0.01%
Published-20 Mar, 2025 | 06:00
Updated-10 Apr, 2025 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Programmmanager <= 1.2 - Reflected XSS

The WP-PManager WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-mantus667Unknown
Product-wp-pmanagerWP-PManager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13891
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.56%
||
7 Day CHG~0.00%
Published-13 Mar, 2025 | 06:00
Updated-29 Apr, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Schedule <= 1.0.0 - Reflected XSS

The Schedule WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Action-Not Available
Vendor-schedulerUnknown
Product-scheduleSchedule
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13633
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.56%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 06:00
Updated-20 May, 2025 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Simple Catalogue <= 1.0.2 - Reflected XSS

The Simple catalogue WordPress plugin through 1.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-fb-creationsUnknown
Product-simple_catalogueSimple catalogue
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13571
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.56%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 06:00
Updated-15 May, 2025 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Post Timeline < 2.3.10 - Reflected XSS

The Post Timeline WordPress plugin before 2.3.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-UnknownAgile Logix
Product-post_timelinePost Timeline
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13874
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.90%
||
7 Day CHG~0.00%
Published-10 Apr, 2025 | 06:00
Updated-30 Apr, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Feedify – Web Push Notifications < 2.4.6 - Reflected XSS

The Feedify WordPress plugin before 2.4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Action-Not Available
Vendor-feedifyUnknown
Product-web_push_notificationsFeedify
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13624
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.30% / 52.78%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 06:00
Updated-15 May, 2025 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WPMovieLibrary <= 2.1.4.8 - Reflected XSS

The WPMovieLibrary WordPress plugin through 2.1.4.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-caercamUnknown
Product-wpmovielibraryWPMovieLibrary
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-1437
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.89%
||
7 Day CHG~0.00%
Published-29 Feb, 2024 | 05:12
Updated-01 Apr, 2025 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Adsmonetizer Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in José Fernandez Adsmonetizer allows Reflected XSS.This issue affects Adsmonetizer: from n/a through 3.1.2.

Action-Not Available
Vendor-adspluginJosé Fernandez
Product-adsmonetizerAdsmonetizer
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13574
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.56%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 06:00
Updated-29 Aug, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XV Random Quotes <= 1.40 - Reflected XSS

The XV Random Quotes WordPress plugin through 1.40 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-xavivarsUnknown
Product-xv_random_quotesXV Random Quotes
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-43975
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.68%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 23:29
Updated-25 Sep, 2024 | 14:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Super Store Finder plugin <= 6.9.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in highwarden Super Store Finder allows Cross-Site Scripting (XSS).This issue affects Super Store Finder: from n/a through 6.9.7.

Action-Not Available
Vendor-Super Store Finder
Product-super_store_finderSuper Store Finder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13094
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.37%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 06:00
Updated-07 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Triggers Lite <= 2.5.3 - Reflected XSS

The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-wptriggersUnknown
Product-wp_triggers_liteWP Triggers Lite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-12633
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.1||HIGH
EPSS-0.14% / 35.30%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 05:23
Updated-07 Jan, 2025 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JoomSport <= 5.6.17 - Reflected Cross-Site Scripting via page

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page parameter in all versions up to, and including, 5.6.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Action-Not Available
Vendor-beardev
Product-JoomSport – for Sports: Team & League, Football, Hockey & more
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13056
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.04% / 12.35%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 06:00
Updated-07 May, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dyn Business Panel <= 1.0.0 - Reflected XSS

The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-phycticioUnknown
Product-dyn_business_panelDyn Business Panel
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-12321
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.05% / 15.88%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 06:00
Updated-13 May, 2025 | 21:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WC Affiliate <= 2.3.9 - Reflected XSS

The WC Affiliate WordPress plugin through 2.3.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-codexpertUnknown
Product-wc_affiliateWC Affiliate
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-11402
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 19.36%
||
7 Day CHG+0.01%
Published-28 Nov, 2024 | 11:00
Updated-28 Nov, 2024 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Block Editor Bootstrap Blocks plugin <= 6.6.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-speedup Block Editor Bootstrap Blocks allows Reflected XSS.This issue affects Block Editor Bootstrap Blocks: from n/a through 6.6.1.

Action-Not Available
Vendor-WP-speedup
Product-Block Editor Bootstrap Blocks
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-29427
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.99%
||
7 Day CHG~0.00%
Published-26 Jun, 2023 | 08:32
Updated-10 Oct, 2024 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Amelia Plugin <= 1.0.75 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in TMS Booking for Appointments and Events Calendar – Amelia plugin <= 1.0.75 versions.

Action-Not Available
Vendor-tms-outsourceTMS
Product-ameliaBooking for Appointments and Events Calendar – Amelia
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-28447
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.38% / 58.30%
||
7 Day CHG-0.03%
Published-28 Mar, 2023 | 20:07
Updated-13 Feb, 2025 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross site scripting vulnerability in Javascript escaping in smarty/smarty

Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user. Users are advised to upgrade to either version 3.1.48 or to 4.3.1 to resolve this issue. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-smartysmarty-phpFedora Project
Product-smartyfedorasmarty
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-10483
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.56%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 06:00
Updated-15 May, 2025 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SimplePress Forum < 6.10.11 - Reflected XSS

The Simple:Press Forum WordPress plugin before 6.10.11 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.

Action-Not Available
Vendor-simplepressUnknown
Product-simplepressSimple:Press Forum
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-31127
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.59% / 68.25%
||
7 Day CHG~0.00%
Published-06 Jul, 2022 | 18:00
Updated-22 Apr, 2025 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper handling of email input in next-auth

NextAuth.js is a complete open source authentication solution for Next.js applications. An attacker can pass a compromised input to the e-mail [signin endpoint](https://next-auth.js.org/getting-started/rest-api#post-apiauthsigninprovider) that contains some malicious HTML, tricking the e-mail server to send it to the user, so they can perform a phishing attack. Eg.: `balazs@email.com, <a href="http://attacker.com">Before signing in, claim your money!</a>`. This was previously sent to `balazs@email.com`, and the content of the email containing a link to the attacker's site was rendered in the HTML. This has been remedied in the following releases, by simply not rendering that e-mail in the HTML, since it should be obvious to the receiver what e-mail they used: next-auth v3 users before version 3.29.8 are impacted. (We recommend upgrading to v4, as v3 is considered unmaintained. next-auth v4 users before version 4.9.0 are impacted. If for some reason you cannot upgrade, the workaround requires you to sanitize the `email` parameter that is passed to `sendVerificationRequest` and rendered in the HTML. If you haven't created a custom `sendVerificationRequest`, you only need to upgrade. Otherwise, make sure to either exclude `email` from the HTML body or efficiently sanitize it.

Action-Not Available
Vendor-nextauth.jsnextauthjs
Product-next-authnext-auth
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-27432
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.99%
||
7 Day CHG~0.00%
Published-21 Jun, 2023 | 13:02
Updated-10 Oct, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Manage Upload Limit Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WpSimpleTools Manage Upload Limit plugin <= 1.0.4 versions.

Action-Not Available
Vendor-manage_upload_limit_projectWpSimpleTools
Product-manage_upload_limitManage Upload Limit
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-29130
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.16% / 37.63%
||
7 Day CHG~0.00%
Published-19 Mar, 2024 | 13:55
Updated-25 Feb, 2025 | 15:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Form 7 – PayPal & Stripe Add-on plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on allows Reflected XSS.This issue affects Contact Form 7 – PayPal & Stripe Add-on: from n/a through 2.0.

Action-Not Available
Vendor-wppluginScott Paterson
Product-paypal_\&_stripe_add-onContact Form 7 – PayPal & Stripe Add-on
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-37459
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.15% / 35.96%
||
7 Day CHG+0.02%
Published-21 Jul, 2024 | 22:10
Updated-02 Aug, 2024 | 03:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PayPlus Payment Gateway plugin <= 6.6.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PayPlus LTD PayPlus Payment Gateway allows Reflected XSS.This issue affects PayPlus Payment Gateway: from n/a through 6.6.8.

Action-Not Available
Vendor-payplusPayPlus LTDpayplus_ltd
Product-payplus_payment_gatewayPayPlus Payment Gatewaypayplus_payment_gateway
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35734
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.20% / 42.54%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 12:49
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Time Slots Booking Form plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodePeople WP Time Slots Booking Form allows Stored XSS.This issue affects WP Time Slots Booking Form: from n/a through 1.2.10.

Action-Not Available
Vendor-CodePeople
Product-wp_time_slots_booking_formWP Time Slots Booking Form
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35766
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.29% / 52.28%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 12:28
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPPizza – A Restaurant Plugin plugin <= 3.18.13 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ollybach WPPizza allows Reflected XSS.This issue affects WPPizza: from n/a through 3.18.13.

Action-Not Available
Vendor-wp-pizzaollybach
Product-wppizzaWPPizza
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33975
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.1||HIGH
EPSS-0.14% / 34.52%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 10:54
Updated-15 Aug, 2024 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting in Janobe E-Negosyo System

Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via 'view' parameter in '/admin/products/index.php'.

Action-Not Available
Vendor-janobe
Product-young_entrepreneur_e-negosyo_systemE-Negosyo System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33978
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.1||HIGH
EPSS-0.08% / 25.45%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 11:00
Updated-15 Aug, 2024 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting in Janobe E-Negosyo System

Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via 'category' parameter in '/index.php'.

Action-Not Available
Vendor-janobe
Product-young_entrepreneur_e-negosyo_systemE-Negosyo System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-31609
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.05% / 15.20%
||
7 Day CHG~0.00%
Published-25 Apr, 2024 | 00:00
Updated-18 Apr, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 allows attackers to run arbitrary code via the header code and footer code fields in code configuration.

Action-Not Available
Vendor-bosscmsn/aSource Code & Projects
Product-bosscmsn/asimple_school_management_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-32533
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.13% / 33.45%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 08:45
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LH Add Media From Url plugin <= 1.22 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Shaw LH Add Media From Url allows Reflected XSS.This issue affects LH Add Media From Url: from n/a through 1.22.

Action-Not Available
Vendor-Peter Shaw
Product-LH Add Media From Url
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-29879
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.16%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 13:51
Updated-24 Jan, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Scripting (XSS) vulnerability in Sentrifugo

Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through  /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.

Action-Not Available
Vendor-sapplicaSentrifugo
Product-sentrifugoSentrifugo
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-29116
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 22.32%
||
7 Day CHG~0.00%
Published-19 Mar, 2024 | 14:54
Updated-02 Aug, 2024 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooThumbs for WooCommerce by Iconic plugin <= 5.5.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IconicWP WooThumbs for WooCommerce by Iconic allows Reflected XSS.This issue affects WooThumbs for WooCommerce by Iconic: from n/a through 5.5.3.

Action-Not Available
Vendor-Iconic
Product-WooThumbs for WooCommerce by Iconic
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-27962
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.20% / 41.82%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 16:46
Updated-14 Feb, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress wp-mpdf plugin <= 3.7.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Florian 'fkrauthan' Krauthan allows Reflected XSS.This issue affects wp-mpdf: from n/a through 3.7.1.

Action-Not Available
Vendor-fkrauthanFlorian 'fkrauthan' Krauthan
Product-wp-mpdfwp-mpdf
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-27999
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.16% / 37.06%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 06:50
Updated-02 Aug, 2024 | 00:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Preview E-mails for WooCommerce plugin <= 2.2.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digamber Pradhan Preview E-mails for WooCommerce allows Reflected XSS.This issue affects Preview E-mails for WooCommerce: from n/a through 2.2.1.

Action-Not Available
Vendor-Digamber Pradhan
Product-Preview E-mails for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-7197
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.04% / 10.86%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 20:09
Updated-11 Jun, 2025 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Marketing Twitter Bot <= 1.11 - Settings Update to Stored XSS via CSRF

The Marketing Twitter Bot WordPress plugin through 1.11 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

Action-Not Available
Vendor-corbyboyUnknown
Product-marketing_twitter_botMarketing Twitter Bot
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-48162
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 8.87%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 08:03
Updated-20 Aug, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Business Directory Pro <= 15.5.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quantumcloud Simple Business Directory Pro allows Reflected XSS. This issue affects Simple Business Directory Pro: from n/a through 15.5.1.

Action-Not Available
Vendor-quantumcloud
Product-Simple Business Directory Pro
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-49274
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 10.71%
||
7 Day CHG~0.00%
Published-04 Jul, 2025 | 11:18
Updated-08 Jul, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Neom Blog theme <= 0.0.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awplife Neom Blog allows Reflected XSS. This issue affects Neom Blog: from n/a through 0.0.9.

Action-Not Available
Vendor-A WP Life
Product-Neom Blog
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-27987
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.52%
||
7 Day CHG~0.00%
Published-15 Mar, 2024 | 10:26
Updated-02 Aug, 2024 | 00:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Give plugin <= 3.3.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP Give allows Reflected XSS.This issue affects Give: from n/a through 3.3.1.

Action-Not Available
Vendor-GiveWP
Product-Give
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54032
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 8.87%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 08:02
Updated-20 Aug, 2025 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Real Estate Manager Pro Plugin <= 12.7.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Real Estate Manager Pro allows Reflected XSS. This issue affects Real Estate Manager Pro: from n/a through 12.7.3.

Action-Not Available
Vendor-WebCodingPlace
Product-Real Estate Manager Pro
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-7174
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.1||HIGH
EPSS-0.04% / 10.86%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 20:09
Updated-11 Jun, 2025 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
aBitGone CommentSafe <= 1.0.0 - Settings Update to Stored XSS via CSRF

The aBitGone CommentSafe WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

Action-Not Available
Vendor-abitgoneUnknown
Product-abitgone_commentsafeaBitGone CommentSafe
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54055
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 8.87%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 08:02
Updated-20 Aug, 2025 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Druco <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Druco allows Reflected XSS. This issue affects Druco: from n/a through 1.5.2.

Action-Not Available
Vendor-skygroup
Product-Druco
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54724
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 7.87%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:37
Updated-29 Aug, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Golo Theme <= 1.7.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo allows Reflected XSS. This issue affects Golo: from n/a through 1.7.1.

Action-Not Available
Vendor-uxper
Product-Golo
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54056
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 8.87%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 08:02
Updated-20 Aug, 2025 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Responsive HTML5 Audio Player PRO With Playlist <= 3.5.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Responsive HTML5 Audio Player PRO With Playlist allows Reflected XSS. This issue affects Responsive HTML5 Audio Player PRO With Playlist: from n/a through 3.5.8.

Action-Not Available
Vendor-LambertGroup
Product-Responsive HTML5 Audio Player PRO With Playlist
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-53225
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.03% / 7.87%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:37
Updated-29 Aug, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress e-Boekhouden.nl Plugin <= 1.9.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eboekhouden e-Boekhouden.nl allows Reflected XSS. This issue affects e-Boekhouden.nl: from n/a through 1.9.3.

Action-Not Available
Vendor-eboekhouden
Product-e-Boekhouden.nl
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-53212
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 8.87%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 08:03
Updated-20 Aug, 2025 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Revolution Video Player With Bottom Playlist <= 2.9.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Revolution Video Player With Bottom Playlist allows Reflected XSS. This issue affects Revolution Video Player With Bottom Playlist: from n/a through 2.9.2.

Action-Not Available
Vendor-LambertGroup
Product-Revolution Video Player With Bottom Playlist
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-53319
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 8.87%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 08:03
Updated-20 Aug, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Raptive Ads Plugin <= 3.8.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raptive Raptive Ads allows Reflected XSS. This issue affects Raptive Ads: from n/a through 3.8.0.

Action-Not Available
Vendor-Raptive
Product-Raptive Ads
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-52777
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 10.71%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 11:27
Updated-16 Jul, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pay with Contact Form 7 plugin <= 1.0.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmsMinds Pay with Contact Form 7 allows Reflected XSS. This issue affects Pay with Contact Form 7: from n/a through 1.0.4.

Action-Not Available
Vendor-cmsMinds
Product-Pay with Contact Form 7
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-52787
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 10.71%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 11:27
Updated-16 Jul, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tennis Court Bookings plugin <= 1.2.7 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EZiHosting Tennis Court Bookings allows Reflected XSS. This issue affects Tennis Court Bookings: from n/a through 1.2.7.

Action-Not Available
Vendor-EZiHosting
Product-Tennis Court Bookings
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-52779
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 10.71%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 11:27
Updated-16 Jul, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Dot html,php,xml etc pages plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in karimmughal Dot html,php,xml etc pages allows Reflected XSS. This issue affects Dot html,php,xml etc pages: from n/a through 1.0.

Action-Not Available
Vendor-karimmughal
Product-Dot html,php,xml etc pages
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 40
  • 41
  • Next
Details not found