Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-58830

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-05 Sep, 2025 | 13:45
Updated At-05 Sep, 2025 | 19:32
Rejected At-
Credits

WordPress Parallax Scrolling Enllax.js Plugin <= 0.0.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in snagysandor Parallax Scrolling Enllax.js allows Stored XSS. This issue affects Parallax Scrolling Enllax.js: from n/a through 0.0.6.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:05 Sep, 2025 | 13:45
Updated At:05 Sep, 2025 | 19:32
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Parallax Scrolling Enllax.js Plugin <= 0.0.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in snagysandor Parallax Scrolling Enllax.js allows Stored XSS. This issue affects Parallax Scrolling Enllax.js: from n/a through 0.0.6.

Affected Products
Vendor
snagysandor
Product
Parallax Scrolling Enllax.js
Collection URL
https://wordpress.org/plugins
Package Name
parallax-scrolling-enllax-js
Default Status
unaffected
Versions
Affected
  • From n/a through 0.0.6 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-592CAPEC-592 Stored XSS
CAPEC ID: CAPEC-592
Description: CAPEC-592 Stored XSS
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Mika (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/parallax-scrolling-enllax-js/vulnerability/wordpress-parallax-scrolling-enllax-js-plugin-0-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/plugin/parallax-scrolling-enllax-js/vulnerability/wordpress-parallax-scrolling-enllax-js-plugin-0-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:05 Sep, 2025 | 14:15
Updated At:05 Sep, 2025 | 17:47

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in snagysandor Parallax Scrolling Enllax.js allows Stored XSS. This issue affects Parallax Scrolling Enllax.js: from n/a through 0.0.6.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-79Primaryaudit@patchstack.com
CWE ID: CWE-79
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/plugin/parallax-scrolling-enllax-js/vulnerability/wordpress-parallax-scrolling-enllax-js-plugin-0-0-6-cross-site-scripting-xss-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/wordpress/plugin/parallax-scrolling-enllax-js/vulnerability/wordpress-parallax-scrolling-enllax-js-plugin-0-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2523Records found
CVE-2022-31057
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.41% / 60.78%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 19:30
Updated-23 Apr, 2025 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Stored XSS in Shopware Administration

Shopware is an open source e-commerce software made in Germany. Versions of Shopware 5 prior to version 5.7.12 are subject to an authenticated Stored XSS in Administration. Users are advised to upgrade. There are no known workarounds for this issue.

Action-Not Available
Vendor-shopwareshopware
Product-shopwareshopware
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-53995
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.34%
||
7 Day CHG-0.00%
Published-16 Jul, 2025 | 10:36
Updated-16 Jul, 2025 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JetPopup plugin <= 2.0.15.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetPopup allows Stored XSS. This issue affects JetPopup: from n/a through 2.0.15.1.

Action-Not Available
Vendor-Crocoblock
Product-JetPopup
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-53463
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.19%
||
7 Day CHG-0.00%
Published-22 Sep, 2025 | 18:25
Updated-23 Sep, 2025 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HT Mega – Absolute Addons for WPBakery Page Builder Plugin <= 1.0.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Mega – Absolute Addons for WPBakery Page Builder allows DOM-Based XSS. This issue affects HT Mega – Absolute Addons for WPBakery Page Builder: from n/a through 1.0.9.

Action-Not Available
Vendor-HasTech IT Limited (HasThemes)
Product-HT Mega – Absolute Addons for WPBakery Page Builder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-27265
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.74%
||
7 Day CHG~0.00%
Published-24 Feb, 2025 | 14:48
Updated-24 Feb, 2025 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Google Maps for WordPress plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aaron D. Campbell Google Maps for WordPress allows DOM-Based XSS. This issue affects Google Maps for WordPress: from n/a through 1.0.3.

Action-Not Available
Vendor-Aaron D. Campbell
Product-Google Maps for WordPress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-53989
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.34%
||
7 Day CHG-0.00%
Published-16 Jul, 2025 | 10:36
Updated-18 Jul, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JetBlocks For Elementor plugin <= 1.3.19 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor allows Stored XSS. This issue affects JetBlocks For Elementor: from n/a through 1.3.19.

Action-Not Available
Vendor-Crocoblock
Product-JetBlocks For Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-53330
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.08%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 18:21
Updated-15 Aug, 2025 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Rentals Theme <= 3.13.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpEstate WP Rentals allows Stored XSS. This issue affects WP Rentals: from n/a through 3.13.1.

Action-Not Available
Vendor-WpEstate
Product-WP Rentals
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-31064
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.78% / 73.32%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 19:50
Updated-22 Apr, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross site scripting in username that will trigger by sending chat

BigBlueButton is an open source web conferencing system. Users in meetings with private chat enabled are vulnerable to a cross site scripting attack in affected versions. The attack occurs when the attacker (with xss in the name) starts a chat. in the victim's client the JavaScript will be executed. This issue has been addressed in version 2.4.8 and 2.5.0. There are no known workarounds for this issue.

Action-Not Available
Vendor-bigbluebuttonbigbluebutton
Product-bigbluebuttonbigbluebutton
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-53321
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.34%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Raise The Money plugin <= 5.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raise The Money Raise The Money allows DOM-Based XSS. This issue affects Raise The Money: from n/a through 5.2.

Action-Not Available
Vendor-Raise The Money
Product-Raise The Money
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-53301
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.34%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Theme Junkie Team Content plugin <= 0.1.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Junkie Theme Junkie Team Content allows DOM-Based XSS. This issue affects Theme Junkie Team Content: from n/a through 0.1.1.

Action-Not Available
Vendor-Theme Junkie
Product-Theme Junkie Team Content
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-53294
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.34%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Smart Agenda plugin <= 4.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Smart Agenda Smart Agenda allows Stored XSS. This issue affects Smart Agenda: from n/a through 4.9.

Action-Not Available
Vendor-Smart Agenda
Product-Smart Agenda
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-53279
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.34%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Popup addon for Ninja Forms plugin <= 3.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aman Popup addon for Ninja Forms allows DOM-Based XSS. This issue affects Popup addon for Ninja Forms: from n/a through 3.4.

Action-Not Available
Vendor-Aman
Product-Popup addon for Ninja Forms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-53996
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.34%
||
7 Day CHG-0.00%
Published-16 Jul, 2025 | 10:36
Updated-16 Jul, 2025 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JetSearch plugin <= 3.5.10.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSearch allows Stored XSS. This issue affects JetSearch: from n/a through 3.5.10.1.

Action-Not Available
Vendor-Crocoblock
Product-JetSearch
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54054
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.08%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 18:21
Updated-15 Aug, 2025 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 12 Step Meeting List Plugin <= 3.18.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA Web Servant 12 Step Meeting List allows Stored XSS. This issue affects 12 Step Meeting List: from n/a through 3.18.3.

Action-Not Available
Vendor-AA Web Servant
Product-12 Step Meeting List
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54023
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.34%
||
7 Day CHG-0.00%
Published-16 Jul, 2025 | 10:36
Updated-16 Jul, 2025 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Delicious plugin <= 1.8.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Delicious WP Delicious allows DOM-Based XSS. This issue affects WP Delicious: from n/a through 1.8.4.

Action-Not Available
Vendor-WP Delicious
Product-WP Delicious
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-53278
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.34%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP AdCenter plugin <= 2.6.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPeka WP AdCenter allows Stored XSS. This issue affects WP AdCenter: from n/a through 2.6.0.

Action-Not Available
Vendor-WPeka
Product-WP AdCenter
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-26982
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.56%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 11:59
Updated-15 Apr, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DSGVO Youtube plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric-Oliver Mächler DSGVO Youtube allows DOM-Based XSS. This issue affects DSGVO Youtube: from n/a through 1.5.1.

Action-Not Available
Vendor-Eric-Oliver Mächler
Product-DSGVO Youtube
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-26742
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.01%
||
7 Day CHG~0.00%
Published-25 Mar, 2025 | 14:37
Updated-27 Mar, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gallery for Social Photo plugin <= 1.0.0.35 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Gallery for Social Photo allows Stored XSS.This issue affects Gallery for Social Photo: from n/a through 1.0.0.35.

Action-Not Available
Vendor-GhozyLab
Product-Gallery for Social Photo
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54024
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.34%
||
7 Day CHG-0.00%
Published-16 Jul, 2025 | 10:36
Updated-16 Jul, 2025 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPAdverts plugin <= 2.2.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts allows DOM-Based XSS. This issue affects WPAdverts: from n/a through 2.2.5.

Action-Not Available
Vendor-Greg Winiarski
Product-WPAdverts
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-26904
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.74%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 14:17
Updated-25 Feb, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Responsive Auto Fit Text plugin <= 0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gal_op WP Responsive Auto Fit Text allows DOM-Based XSS. This issue affects WP Responsive Auto Fit Text: from n/a through 0.2.

Action-Not Available
Vendor-gal_op
Product-WP Responsive Auto Fit Text
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-26951
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.56%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 21:53
Updated-16 Apr, 2025 | 13:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress C9 Blocks plugin <= 1.7.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in covertnine C9 Blocks allows DOM-Based XSS. This issue affects C9 Blocks: from n/a through 1.7.7.

Action-Not Available
Vendor-covertnine
Product-C9 Blocks
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-26771
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 22.89%
||
7 Day CHG~0.00%
Published-17 Feb, 2025 | 11:38
Updated-21 May, 2025 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SKT Blocks plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks – Gutenberg based Page Builder allows Stored XSS. This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 1.7.

Action-Not Available
Vendor-sonalsinha21Sonl Sinha (SKT Web Themes LLC)
Product-skt_blocksSKT Blocks – Gutenberg based Page Builder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-26747
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.56%
||
7 Day CHG~0.00%
Published-26 Mar, 2025 | 14:56
Updated-27 Mar, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RainbowNews theme <= 1.0.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 99colorthemes RainbowNews allows Stored XSS.This issue affects RainbowNews: from n/a through 1.0.7.

Action-Not Available
Vendor-99colorthemes
Product-RainbowNews
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-29880
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-6.5||MEDIUM
EPSS-0.74% / 72.58%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 09:47
Updated-09 Dec, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not properly validate input in the configuration interface. This could allow an authenticated attacker to place persistent XSS attacks to perform arbitrary actions in the name of a logged user which accesses the affected views.

Action-Not Available
Vendor-Siemens AG
Product-7kg8551-0aa12-0aa0_firmware7kg8550-0aa10-2aa07kg8501-0aa31-2aa07kg8500-0aa30-2aa07kg8551-0aa32-2aa07kg8551-0aa01-0aa0_firmware7kg8551-0aa12-2aa0_firmware7kg8550-0aa30-2aa07kg8501-0aa32-0aa07kg8551-0aa02-0aa07kg8501-0aa31-0aa07kg8501-0aa12-0aa0_firmware7kg8500-0aa30-0aa0_firmware7kg8501-0aa01-2aa0_firmware7kg8551-0aa12-0aa07kg8501-0aa02-0aa0_firmware7kg8551-0aa31-2aa0_firmware7kg8551-0aa32-0aa07kg8551-0aa02-2aa0_firmware7kg8501-0aa11-0aa07kg8551-0aa01-2aa07kg8500-0aa00-2aa07kg8551-0aa31-0aa0_firmware7kg8501-0aa01-0aa0_firmware7kg8551-0aa11-2aa0_firmware7kg8500-0aa30-0aa07kg8501-0aa11-0aa0_firmware7kg8500-0aa10-0aa07kg8550-0aa00-0aa07kg8500-0aa00-2aa0_firmware7kg8501-0aa32-2aa07kg8500-0aa00-0aa0_firmware7kg8501-0aa31-2aa0_firmware7kg8550-0aa30-2aa0_firmware7kg8551-0aa02-0aa0_firmware7kg8550-0aa00-2aa0_firmware7kg8501-0aa12-2aa07kg8551-0aa11-0aa07kg8501-0aa12-2aa0_firmware7kg8550-0aa30-0aa07kg8501-0aa11-2aa0_firmware7kg8501-0aa02-0aa07kg8551-0aa31-2aa07kg8551-0aa31-0aa07kg8500-0aa10-0aa0_firmware7kg8551-0aa12-2aa07kg8551-0aa11-2aa07kg8501-0aa11-2aa07kg8501-0aa32-2aa0_firmware7kg8500-0aa00-0aa07kg8551-0aa01-2aa0_firmware7kg8551-0aa32-2aa0_firmware7kg8550-0aa00-2aa07kg8550-0aa30-0aa0_firmware7kg8500-0aa30-2aa0_firmware7kg8551-0aa01-0aa07kg8550-0aa10-0aa07kg8500-0aa10-2aa07kg8501-0aa12-0aa07kg8550-0aa00-0aa0_firmware7kg8500-0aa10-2aa0_firmware7kg8501-0aa02-2aa07kg8551-0aa11-0aa0_firmware7kg8550-0aa10-0aa0_firmware7kg8551-0aa02-2aa07kg8551-0aa32-0aa0_firmware7kg8501-0aa01-2aa07kg8501-0aa02-2aa0_firmware7kg8501-0aa32-0aa0_firmware7kg8501-0aa31-0aa0_firmware7kg8501-0aa01-0aa07kg8550-0aa10-2aa0_firmwareSICAM T
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-53300
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.34%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Podcast Feed Player Widget and Shortcode plugin <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in douglaskarr Podcast Feed Player Widget and Shortcode allows Stored XSS. This issue affects Podcast Feed Player Widget and Shortcode: from n/a through 2.2.0.

Action-Not Available
Vendor-douglaskarr
Product-Podcast Feed Player Widget and Shortcode
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-26912
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.74%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 14:17
Updated-25 Feb, 2025 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Elementor Addons plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Easy Elementor Addons allows Stored XSS. This issue affects Easy Elementor Addons: from n/a through 2.1.6.

Action-Not Available
Vendor-HashThemes
Product-Easy Elementor Addons
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-26922
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.56%
||
7 Day CHG~0.00%
Published-26 Mar, 2025 | 14:45
Updated-27 Mar, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AuraMart theme <= 2.0.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in techthemes AuraMart allows Stored XSS.This issue affects AuraMart: from n/a through 2.0.7.

Action-Not Available
Vendor-techthemes
Product-AuraMart
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-26878
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.74%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 14:17
Updated-25 Feb, 2025 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Autoship Cloud for WooCommerce Subscription Products plugin <= 2.8.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in patternsinthecloud Autoship Cloud for WooCommerce Subscription Products allows DOM-Based XSS. This issue affects Autoship Cloud for WooCommerce Subscription Products: from n/a through 2.8.0.1.

Action-Not Available
Vendor-patternsinthecloud
Product-Autoship Cloud for WooCommerce Subscription Products
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-53195
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.08%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 08:03
Updated-20 Aug, 2025 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JetEngine plugin <= 3.7.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine allows Stored XSS. This issue affects JetEngine: from n/a through 3.7.0.

Action-Not Available
Vendor-Crocoblock
Product-JetEngine
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-26740
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.56%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 21:53
Updated-16 Apr, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SpaBiz plugin <= 1.0.18 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in burgersoftware SpaBiz allows DOM-Based XSS. This issue affects SpaBiz: from n/a through 1.0.18.

Action-Not Available
Vendor-burgersoftware
Product-SpaBiz
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-26947
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.74%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 14:17
Updated-25 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Services Section block plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Services Section block allows Stored XSS. This issue affects Services Section block: from n/a through 1.3.4.

Action-Not Available
Vendor-bPlugins
Product-Services Section block
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-26769
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.74%
||
7 Day CHG~0.00%
Published-17 Feb, 2025 | 11:38
Updated-18 Feb, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Vertex Addons for Elementor plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webilia Inc. Vertex Addons for Elementor allows Stored XSS. This issue affects Vertex Addons for Elementor: from n/a through 1.2.0.

Action-Not Available
Vendor-Webilia Inc.
Product-Vertex Addons for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-24865
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.27%
||
7 Day CHG~0.00%
Published-05 Feb, 2024 | 06:08
Updated-01 Aug, 2024 | 23:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Scroll Triggered Box Plugin <= 2.3 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noah Kagan Scroll Triggered Box allows Stored XSS.This issue affects Scroll Triggered Box: from n/a through 2.3.

Action-Not Available
Vendor-noahkaganNoah Kagan
Product-scroll_triggered_boxScroll Triggered Box
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-25094
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 22.98%
||
7 Day CHG~0.00%
Published-29 Feb, 2024 | 06:02
Updated-16 Jan, 2025 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PJ News Ticker Plugin <= 1.9.5 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Jura & Nicolas Montigny PJ News Ticker allows Stored XSS.This issue affects PJ News Ticker: from n/a through 1.9.5.

Action-Not Available
Vendor-primitivPaul Jura & Nicolas Montigny
Product-pj_news_tickerPJ News Ticker
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-26980
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.74%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 14:17
Updated-25 Feb, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wired Impact Volunteer Management plugin <= 2.5 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wired Impact Wired Impact Volunteer Management allows Stored XSS. This issue affects Wired Impact Volunteer Management: from n/a through 2.5.

Action-Not Available
Vendor-Wired Impact
Product-Wired Impact Volunteer Management
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-26749
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.56%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 21:53
Updated-16 Apr, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Additional Custom Product Tabs for WooCommerce plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Additional Custom Product Tabs for WooCommerce allows Stored XSS. This issue affects Additional Custom Product Tabs for WooCommerce: from n/a through 1.7.0.

Action-Not Available
Vendor-WPFactory
Product-Additional Custom Product Tabs for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-26962
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.74%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 14:17
Updated-25 Feb, 2025 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Form Plugin plugin <= 1.1.25 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Easy Contact Form Lite allows Stored XSS. This issue affects Easy Contact Form Lite : from n/a through 1.1.25.

Action-Not Available
Vendor-GhozyLab
Product-Easy Contact Form Lite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-53275
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.34%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Leyka plugin <= 3.31.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VaultDweller Leyka allows DOM-Based XSS. This issue affects Leyka: from n/a through 3.31.9.

Action-Not Available
Vendor-VaultDweller
Product-Leyka
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54051
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.34%
||
7 Day CHG-0.00%
Published-16 Jul, 2025 | 10:36
Updated-16 Jul, 2025 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LightBox Block plugin <= 1.1.30 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins LightBox Block allows Stored XSS. This issue affects LightBox Block: from n/a through 1.1.30.

Action-Not Available
Vendor-bPlugins
Product-LightBox Block
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-53202
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.34%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Responsive Blocks plugin <= 2.0.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows DOM-Based XSS. This issue affects Responsive Blocks: from n/a through 2.0.6.

Action-Not Available
Vendor-CyberChimps Inc.
Product-Responsive Blocks
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-26766
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.74%
||
7 Day CHG~0.00%
Published-16 Feb, 2025 | 22:17
Updated-18 Feb, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Leyka plugin <= 3.31.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VaultDweller Leyka allows Stored XSS. This issue affects Leyka: from n/a through 3.31.8.

Action-Not Available
Vendor-VaultDweller
Product-Leyka
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-26887
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.74%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 14:17
Updated-25 Feb, 2025 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.21.35 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eli EZ SQL Reports Shortcode Widget and DB Backup allows Stored XSS. This issue affects EZ SQL Reports Shortcode Widget and DB Backup: from n/a through 5.21.35.

Action-Not Available
Vendor-Eli
Product-EZ SQL Reports Shortcode Widget and DB Backup
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-25097
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 37.20%
||
7 Day CHG~0.00%
Published-13 Mar, 2024 | 15:58
Updated-23 Jan, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TNC PDF viewer Plugin <= 2.8.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode LLC TNC PDF viewer allows Stored XSS.This issue affects TNC PDF viewer: from n/a through 2.8.0.

Action-Not Available
Vendor-themencodeThemeNcode LLC
Product-tnc_pdf_viewerTNC PDF viewer
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-53282
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.34%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Thumbnail Editor plugin <= 2.3.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com Thumbnail Editor allows Stored XSS. This issue affects Thumbnail Editor: from n/a through 2.3.3.

Action-Not Available
Vendor-aviplugins.com
Product-Thumbnail Editor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-26537
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.64%
||
7 Day CHG~0.00%
Published-26 Mar, 2025 | 14:24
Updated-27 Mar, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GDPR Tools plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound GDPR Tools allows Stored XSS. This issue affects GDPR Tools: from n/a through 1.0.2.

Action-Not Available
Vendor-NotFound
Product-GDPR Tools
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-26767
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 22.89%
||
7 Day CHG~0.00%
Published-16 Feb, 2025 | 22:17
Updated-23 May, 2025 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Qubely – Advanced Gutenberg Blocks plugin <= 1.8.12 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Qubely – Advanced Gutenberg Blocks allows Stored XSS. This issue affects Qubely – Advanced Gutenberg Blocks: from n/a through 1.8.12.

Action-Not Available
Vendor-Themeum
Product-qubelyQubely – Advanced Gutenberg Blocks
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-26897
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.74%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 14:17
Updated-25 Feb, 2025 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress List Related Attachments plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Baden List Related Attachments allows DOM-Based XSS. This issue affects List Related Attachments: from n/a through 2.1.6.

Action-Not Available
Vendor-Baden
Product-List Related Attachments
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-26745
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.56%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 11:59
Updated-15 Apr, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RS Elements Elementor Addon plugin <= 1.1.5 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RSTheme RS Elements Elementor Addon allows Stored XSS. This issue affects RS Elements Elementor Addon: from n/a through 1.1.5.

Action-Not Available
Vendor-RSTheme
Product-RS Elements Elementor Addon
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-26895
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.74%
||
7 Day CHG~0.00%
Published-15 Mar, 2025 | 21:57
Updated-17 Mar, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress m1.DownloadList plugin <= 0.19 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in maennchen1.de m1.DownloadList allows DOM-Based XSS. This issue affects m1.DownloadList: from n/a through 0.19.

Action-Not Available
Vendor-maennchen1.de
Product-m1.DownloadList
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-25082
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.74%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-07 Feb, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress flexIDX Home Search plugin <= 2.1.2 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Chirkov FlexIDX Home Search allows Stored XSS. This issue affects FlexIDX Home Search: from n/a through 2.1.2.

Action-Not Available
Vendor-Max Chirkov
Product-FlexIDX Home Search
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-50047
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 9.14%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:03
Updated-24 Jun, 2025 | 13:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sitekit plugin <= 1.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Sitekit allows Stored XSS. This issue affects Sitekit: from n/a through 1.9.

Action-Not Available
Vendor-webvitaly
Product-Sitekit
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • ...
  • 32
  • 33
  • 34
  • ...
  • 50
  • 51
  • Next
Details not found