Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-58633

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-03 Sep, 2025 | 14:36
Updated At-03 Sep, 2025 | 17:48
Rejected At-
Credits

WordPress Booking Ultra Pro Plugin <= 1.1.21 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Deetronix Booking Ultra Pro allows Stored XSS. This issue affects Booking Ultra Pro: from n/a through 1.1.21.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:03 Sep, 2025 | 14:36
Updated At:03 Sep, 2025 | 17:48
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Booking Ultra Pro Plugin <= 1.1.21 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Deetronix Booking Ultra Pro allows Stored XSS. This issue affects Booking Ultra Pro: from n/a through 1.1.21.

Affected Products
Vendor
Deetronix
Product
Booking Ultra Pro
Collection URL
https://wordpress.org/plugins
Package Name
booking-ultra-pro
Default Status
unaffected
Versions
Affected
  • From n/a through 1.1.21 (custom)
    • -> unaffectedfrom1.1.22
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-592CAPEC-592 Stored XSS
CAPEC ID: CAPEC-592
Description: CAPEC-592 Stored XSS
Solutions

Update the WordPress Booking Ultra Pro plugin to the latest available version (at least 1.1.22).

Configurations
Workarounds
Exploits
Credits
finder
Muhammad Yudha - DJ (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/booking-ultra-pro/vulnerability/wordpress-booking-ultra-pro-plugin-1-1-21-cross-site-scripting-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/plugin/booking-ultra-pro/vulnerability/wordpress-booking-ultra-pro-plugin-1-1-21-cross-site-scripting-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:03 Sep, 2025 | 15:15
Updated At:04 Sep, 2025 | 15:35

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Deetronix Booking Ultra Pro allows Stored XSS. This issue affects Booking Ultra Pro: from n/a through 1.1.21.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-79Primaryaudit@patchstack.com
CWE ID: CWE-79
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/plugin/booking-ultra-pro/vulnerability/wordpress-booking-ultra-pro-plugin-1-1-21-cross-site-scripting-xss-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/wordpress/plugin/booking-ultra-pro/vulnerability/wordpress-booking-ultra-pro-plugin-1-1-21-cross-site-scripting-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2513Records found
CVE-2025-30637
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 8.09%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Booking Ultra Pro <= 1.1.20 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Deetronix Booking Ultra Pro allows Stored XSS. This issue affects Booking Ultra Pro: from n/a through 1.1.20.

Action-Not Available
Vendor-Deetronix
Product-Booking Ultra Pro
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-27345
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.18% / 40.23%
||
7 Day CHG+0.13%
Published-17 Apr, 2025 | 15:47
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Booking Ultra Pro Plugin <= 1.1.19 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Deetronix Booking Ultra Pro allows Reflected XSS. This issue affects Booking Ultra Pro: from n/a through 1.1.19.

Action-Not Available
Vendor-Deetronix
Product-Booking Ultra Pro
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-24623
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 9.41%
||
7 Day CHG~0.00%
Published-23 Jan, 2026 | 14:29
Updated-27 Jan, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Neoforum plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in saeros1984 Neoforum neoforum allows Reflected XSS.This issue affects Neoforum: from n/a through <= 1.0.

Action-Not Available
Vendor-saeros1984
Product-Neoforum
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49307
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.59%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 18:49
Updated-18 Oct, 2024 | 12:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Admin Management Xtended plugin <= 2.4.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Oliver Schlöbe Admin Management Xtended allows Stored XSS.This issue affects Admin Management Xtended: from n/a through 2.4.6.

Action-Not Available
Vendor-Oliver Schlöbe
Product-Admin Management Xtended
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-24952
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 9.41%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 14:08
Updated-03 Feb, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Seriously Simple Podcasting plugin <= 3.14.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Stored XSS.This issue affects Seriously Simple Podcasting: from n/a through <= 3.14.1.

Action-Not Available
Vendor-Craig Hewitt
Product-Seriously Simple Podcasting
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49241
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-18 Oct, 2024 | 09:44
Updated-21 Oct, 2024 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tito plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tady Walsh Tito allows DOM-Based XSS.This issue affects Tito: from n/a through 2.3.

Action-Not Available
Vendor-tadywalshTady Walsh
Product-titoTito
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49310
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.45%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 18:26
Updated-18 Oct, 2024 | 12:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Themesflat Addons For Elementor plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows Stored XSS.This issue affects Themesflat Addons For Elementor: from n/a through 2.2.0.

Action-Not Available
Vendor-Themesflat
Product-Themesflat Addons For Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49230
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.45%
||
7 Day CHG~0.00%
Published-18 Oct, 2024 | 09:54
Updated-21 Oct, 2024 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ajax Custom CSS/JS plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Harpreet Singh Ajax Custom CSS/JS allows Reflected XSS.This issue affects Ajax Custom CSS/JS: from n/a through 2.0.4.

Action-Not Available
Vendor-harpreetsinghHarpreet Singh
Product-ajax_custom_css\/jsAjax Custom CSS/JS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-24630
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 9.41%
||
7 Day CHG~0.00%
Published-23 Jan, 2026 | 14:29
Updated-26 Jan, 2026 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Stylish Cost Calculator plugin <= 8.1.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Design Stylish Cost Calculator stylish-cost-calculator allows Stored XSS.This issue affects Stylish Cost Calculator: from n/a through <= 8.1.8.

Action-Not Available
Vendor-Design
Product-Stylish Cost Calculator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-24617
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 9.41%
||
7 Day CHG~0.00%
Published-23 Jan, 2026 | 14:29
Updated-26 Jan, 2026 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Modal plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel Iser Easy Modal easy-modal allows Stored XSS.This issue affects Easy Modal: from n/a through <= 2.1.0.

Action-Not Available
Vendor-Daniel Iser
Product-Easy Modal
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49692
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.36%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 10:57
Updated-08 Nov, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AffiliateX plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AffiliateX allows Stored XSS.This issue affects AffiliateX: from n/a through 1.2.9.

Action-Not Available
Vendor-affiliatexblocksAffiliateX
Product-affiliatexAffiliateX
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-22347
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 9.41%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-27 Jan, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Carousel Horizontal Posts Content Slider plugin <= 3.3.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in subhansanjaya Carousel Horizontal Posts Content Slider carousel-horizontal-posts-content-slider allows DOM-Based XSS.This issue affects Carousel Horizontal Posts Content Slider: from n/a through <= 3.3.2.

Action-Not Available
Vendor-subhansanjaya
Product-Carousel Horizontal Posts Content Slider
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-22519
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.45%
||
7 Day CHG~0.00%
Published-08 Jan, 2026 | 16:19
Updated-08 Jan, 2026 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MediaPress plugin <= 1.6.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev MediaPress allows Stored XSS.This issue affects MediaPress: from n/a through 1.6.2.

Action-Not Available
Vendor-BuddyDev
Product-MediaPress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-51403
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 22.98%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 06:17
Updated-05 Sep, 2024 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Restaurant Reservations Plugin <= 1.8 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nicdark Restaurant Reservations allows Stored XSS.This issue affects Restaurant Reservations: from n/a through 1.8.

Action-Not Available
Vendor-nicdarkNicdark
Product-restaurant_reservationsRestaurant Reservations
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-52195
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 22.98%
||
7 Day CHG~0.00%
Published-01 Feb, 2024 | 09:43
Updated-02 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Posts to Page Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Posts to Page Kerry James allows Stored XSS.This issue affects Kerry James: from n/a through 1.7.

Action-Not Available
Vendor-kerryjamesPosts to Page
Product-posts_to_pageKerry James
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49289
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.59%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 19:09
Updated-18 Oct, 2024 | 12:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cooked Pro plugin < 1.8.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gora Tech LLC Cooked Pro allows Stored XSS.This issue affects Cooked Pro: from n/a before 1.8.0.

Action-Not Available
Vendor-Gora Tech LLC
Product-Cooked Pro
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-22518
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.45%
||
7 Day CHG~0.00%
Published-08 Jan, 2026 | 16:21
Updated-08 Jan, 2026 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress X Addons for Elementor plugin <= 1.0.23 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pencilwp X Addons for Elementor allows DOM-Based XSS.This issue affects X Addons for Elementor: from n/a through 1.0.23.

Action-Not Available
Vendor-pencilwp
Product-X Addons for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49693
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 38.29%
||
7 Day CHG~0.00%
Published-24 Oct, 2024 | 12:41
Updated-08 Nov, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mega Elements – Addons for Elementor plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kraftplugins Mega Elements allows Stored XSS.This issue affects Mega Elements: from n/a through 1.2.6.

Action-Not Available
Vendor-kraftpluginsKraftpluginskraftplugins
Product-mega_elementsMega Elementsmega_elements
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49264
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.36%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 19:26
Updated-24 Mar, 2025 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Events Addon for Elementor plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Events Addon for Elementor allows Stored XSS.This issue affects Events Addon for Elementor: from n/a through 2.2.0.

Action-Not Available
Vendor-nicheaddonsNicheAddons
Product-events_addon_for_elementorEvents Addon for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49233
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 44.56%
||
7 Day CHG~0.00%
Published-18 Oct, 2024 | 09:50
Updated-21 Oct, 2024 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MAS Elementor plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MadrasThemes MAS Elementor allows DOM-Based XSS.This issue affects MAS Elementor: from n/a through 1.1.6.

Action-Not Available
Vendor-madrasthemesMadrasThemes
Product-mas_elementorMAS Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49292
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.45%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 19:07
Updated-06 Mar, 2025 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Exclusive Addons for Elementor plugin <= 2.7.1 - Cross-Site Scripting vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.7.1.

Action-Not Available
Vendor-exclusiveaddonsExclusive Addons
Product-exclusive_addons_for_elementorExclusive Addons Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49234
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.45%
||
7 Day CHG~0.00%
Published-18 Oct, 2024 | 09:49
Updated-21 Oct, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Plexx Elementor Extension plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in themeworm Plexx Elementor Extension allows Stored XSS.This issue affects Plexx Elementor Extension: from n/a through 1.3.4.

Action-Not Available
Vendor-themewormthemeworm
Product-plexx_elementor_extensionPlexx Elementor Extension
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49298
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.59%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 19:02
Updated-18 Oct, 2024 | 12:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PeproDev Ultimate Invoice plugin <= 2.0.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice allows Stored XSS.This issue affects PeproDev Ultimate Invoice: from n/a through 2.0.6.

Action-Not Available
Vendor-Pepro Dev. Group
Product-PeproDev Ultimate Invoice
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49302
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.59%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 18:50
Updated-18 Oct, 2024 | 12:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WordPress Portfolio Builder – Portfolio Gallery plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Portfoliohub WordPress Portfolio Builder – Portfolio Gallery allows Stored XSS.This issue affects WordPress Portfolio Builder – Portfolio Gallery: from n/a through 1.1.7.

Action-Not Available
Vendor-Portfoliohub
Product-WordPress Portfolio Builder – Portfolio Gallery
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-36806
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 41.08%
||
7 Day CHG~0.00%
Published-25 Jul, 2023 | 18:47
Updated-13 Feb, 2025 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Contao cross site scripting vulnerability via input unit widget

Contao is an open source content management system. Starting in version 4.0.0 and prior to versions 4.9.42, 4.13.28, and 5.1.10, it is possible for untrusted backend users to inject malicious code into headline fields in the back end, which will be executed both in the element preview (back end) and on the website (front end). Installations are only affected if there are untrusted back end users who have the rights to modify headline fields, or other fields using the input unit widget. Contao 4.9.42, 4.13.28, and 5.1.10 have a patch for this issue. As a workaround, disable the login for all untrusted back end users.

Action-Not Available
Vendor-Contao Association
Product-contaocontaocontao
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49265
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.36%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 15:33
Updated-30 Oct, 2024 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Booking.com Banner Creator plugin <= 1.4.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Partnerships at Booking.Com Booking.Com Banner Creator allows Stored XSS.This issue affects Booking.Com Banner Creator: from n/a through 1.4.6.

Action-Not Available
Vendor-bookingPartnerships at Booking.com
Product-banner_creatorBooking.com Banner Creator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49267
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 38.28%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 14:39
Updated-16 Oct, 2024 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Unlimited Addon For Elementor plugin <=2.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in nayon46 Unlimited Addon For Elementor allows Stored XSS.This issue affects Unlimited Addon For Elementor: from n/a through 2.0.0.

Action-Not Available
Vendor-nayon46
Product-Unlimited Addon For Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49255
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 38.28%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 19:34
Updated-18 Oct, 2024 | 12:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Da Reactions plugin <= 5.1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Daniele Alessandra Da Reactions allows Stored XSS.This issue affects Da Reactions: from n/a through 5.1.5.

Action-Not Available
Vendor-Daniele Alessandra
Product-Da Reactions
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49261
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 38.28%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 19:32
Updated-18 Oct, 2024 | 12:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Arkhe Blocks plugin <= 2.23.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LOOS,Inc. Arkhe Blocks allows Stored XSS.This issue affects Arkhe Blocks: from n/a through 2.23.0.

Action-Not Available
Vendor-LOOS,Inc.
Product-Arkhe Blocks
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49631
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 07:47
Updated-24 Oct, 2024 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Addons for Elementor plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Md Abdul Kader Easy Addons for Elementor allows Stored XSS.This issue affects Easy Addons for Elementor: from n/a through 1.3.0.

Action-Not Available
Vendor-mdabdulkaderMd Abdul Kader
Product-easy_addons_for_elementorEasy Addons for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49259
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.36%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 19:33
Updated-24 Mar, 2025 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Primary Addon for Elementor plugin <= 1.5.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Primary Addon for Elementor allows Stored XSS.This issue affects Primary Addon for Elementor: from n/a through 1.5.8.

Action-Not Available
Vendor-nicheaddonsNicheAddons
Product-primary_addon_for_elementorPrimary Addon for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49665
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 37.33%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 11:20
Updated-01 Nov, 2024 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Web Bricks Addons for Elementor plugin <= 1.1.1 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Web Bricks Web Bricks Addons for Elementor allows Stored XSS.This issue affects Web Bricks Addons for Elementor: from n/a through 1.1.1.

Action-Not Available
Vendor-webbricksWeb Bricks
Product-web_bricks_addonsWeb Bricks Addons for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49301
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.59%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 18:52
Updated-18 Oct, 2024 | 12:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress G Meta Keywords plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sinan Yorulmaz G Meta Keywords allows Stored XSS.This issue affects G Meta Keywords: from n/a through 1.4.

Action-Not Available
Vendor-Sinan Yorulmaz
Product-G Meta Keywords
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49262
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 38.28%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 19:29
Updated-18 Oct, 2024 | 12:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Country Flags for Elementor plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wepic Country Flags for Elementor allows Stored XSS.This issue affects Country Flags for Elementor: from n/a through 1.0.1.

Action-Not Available
Vendor-wepic
Product-Country Flags for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47329
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 11:03
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ElementsReady Addons for Elementor plugin <= 6.4.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.0.

Action-Not Available
Vendor-QuomodoSoft
Product-ElementsReady Addons for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47303
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.57%
||
7 Day CHG+0.03%
Published-25 Sep, 2024 | 08:01
Updated-02 Oct, 2024 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Elementor Addons by Livemesh plugin <= 8.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for Elementor allows Stored XSS.This issue affects Livemesh Addons for Elementor: from n/a through 8.5.

Action-Not Available
Vendor-livemeshelementorLivemesh
Product-addons_for_elementorLivemesh Addons for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47396
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-01 Oct, 2024 | 01:25
Updated-22 Jan, 2025 | 22:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Move Addons for Elementor plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in moveaddons Move Addons for Elementor allows Stored XSS.This issue affects Move Addons for Elementor: from n/a through 1.3.3.

Action-Not Available
Vendor-moveaddonsmoveaddons
Product-move_addons_for_elementorMove Addons for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-9227
Matching Score-4
Assigner-Zohocorp
ShareView Details
Matching Score-4
Assigner-Zohocorp
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.93%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 13:29
Updated-12 Nov, 2025 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS

Zohocorp ManageEngine OpManager versions 128609 and below are vulnerable to Stored XSS Vulnerability in the SNMP trap processor.

Action-Not Available
Vendor-Zoho Corporation Pvt. Ltd.
Product-ManageEngine OpManager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47357
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 09:58
Updated-07 Jan, 2025 | 13:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Happy Addons for Elementor plugin <= 3.12.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Leevio Happy Addons for Elementor allows Stored XSS.This issue affects Happy Addons for Elementor: from n/a through 3.12.0.

Action-Not Available
Vendor-leevioLeevio
Product-happy_addons_for_elementorHappy Addons for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47382
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 30.32%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 14:56
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Page-list plugin <= 5.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webvitaly Page-list allows Stored XSS.This issue affects Page-list: from n/a through 5.6.

Action-Not Available
Vendor-Webvitaly
Product-Page-list
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-48025
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 30.32%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 12:23
Updated-18 Oct, 2024 | 12:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Baseball Scoreboard plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in DOGROW.NET Simple Baseball Scoreboard allows Stored XSS.This issue affects Simple Baseball Scoreboard: from n/a through 1.3.

Action-Not Available
Vendor-DOGROW.NET
Product-Simple Baseball Scoreboard
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47343
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 30.32%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 10:46
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mega Elements – Addons for Elementor plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kraftplugins Mega Elements allows Stored XSS.This issue affects Mega Elements: from n/a through 1.2.4.

Action-Not Available
Vendor-Kraftplugins
Product-Mega Elements
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47368
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 30.32%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 09:42
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Premium Blocks plugin <= 2.1.33 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Leap13 Premium Blocks – Gutenberg Blocks for WordPress allows Stored XSS.This issue affects Premium Blocks – Gutenberg Blocks for WordPress: from n/a through 2.1.33.

Action-Not Available
Vendor-Leap13
Product-Premium Blocks – Gutenberg Blocks for WordPress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47342
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 30.32%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 10:48
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Accordion plugin <= 2.2.99 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Accordion accordions allows Stored XSS.This issue affects Accordion: from n/a through 2.2.99.

Action-Not Available
Vendor-PickPlugins
Product-Accordion
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-7916
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 37.32%
||
7 Day CHG~0.00%
Published-06 Feb, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.

Action-Not Available
Vendor-sauter-controlsn/a
Product-moduweb_visionn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47632
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 13:10
Updated-13 Mar, 2025 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DethemeKit For Elementor plugin <= 2.1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in deTheme DethemeKit For Elementor allows Stored XSS.This issue affects DethemeKit For Elementor: from n/a through 2.1.7.

Action-Not Available
Vendor-dethemedeTheme
Product-dethemekit_for_elementorDethemeKit For Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47364
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 09:48
Updated-22 Jan, 2025 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Move Addons for Elementor plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Move addons Move Addons for Elementor allows Stored XSS.This issue affects Move Addons for Elementor: from n/a through 1.3.4.

Action-Not Available
Vendor-moveaddonsMove addons
Product-move_addons_for_elementorMove Addons for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47391
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 14:44
Updated-07 Jan, 2025 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bold Page Builder plugin < 5.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a before 5.1.1.

Action-Not Available
Vendor-BoldThemes
Product-bold_page_builderBold Page Builder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47643
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 30.32%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 12:56
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Include Fussball.de Widgets plugin <= 4.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Alexander Böhm Include Fussball.De Widgets allows Stored XSS.This issue affects Include Fussball.De Widgets: from n/a through 4.0.0.

Action-Not Available
Vendor-Alexander Böhm
Product-Include Fussball.de Widgets
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47622
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 30.32%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 14:36
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Woo Labels plugin <= 2.01 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ILLID Advanced Woo Labels allows Stored XSS.This issue affects Advanced Woo Labels: from n/a through 2.01.

Action-Not Available
Vendor-ILLID
Product-Advanced Woo Labels
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 50
  • 51
  • Next
Details not found