ByteOS Network

Vulnerability Details :

CVE-2025-60183

Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3

Published At-20 Feb, 2026 | 15:46

Updated At-27 Feb, 2026 | 16:57

WordPress Silencesoft RSS Reader Plugin <= 0.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silence Silencesoft RSS Reader external-rss-reader allows Stored XSS.This issue affects Silencesoft RSS Reader: from n/a through <= 0.6.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Patchstack

Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3

Published At:20 Feb, 2026 | 15:46

Updated At:27 Feb, 2026 | 16:57

▼CVE Numbering Authority (CNA)

WordPress Silencesoft RSS Reader Plugin <= 0.6 - Cross Site Scripting (XSS) Vulnerability

Affected Products

Vendor

silence

Product

Silencesoft RSS Reader

Collection URL

https://wordpress.org/plugins

Package Name

external-rss-reader

Default Status

unaffected

Versions

Affected

From n/a through <= 0.6 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Type: CWE

CWE ID: CWE-79

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Impacts

CAPEC ID	Description
CAPEC-592	Stored XSS

CAPEC ID: CAPEC-592

Description: Stored XSS

Credits

finder

Nabil Irawan | Patchstack Bug Bounty Program

References

Hyperlink	Resource
https://patchstack.com/database/Wordpress/Plugin/external-rss-reader/vulnerability/wordpress-silencesoft-rss-reader-plugin-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve	vdb-entry

Hyperlink: https://patchstack.com/database/Wordpress/Plugin/external-rss-reader/vulnerability/wordpress-silencesoft-rss-reader-plugin-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve

Resource:

vdb-entry

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics

Version	Base score	Base severity	Vector
3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:audit@patchstack.com

Published At:20 Feb, 2026 | 16:22

Updated At:27 Feb, 2026 | 17:16

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Weaknesses

CWE ID	Type	Source
CWE-79	Secondary	audit@patchstack.com

CWE ID: CWE-79

Type: Secondary

Source: audit@patchstack.com

References

Hyperlink	Source	Resource
https://patchstack.com/database/Wordpress/Plugin/external-rss-reader/vulnerability/wordpress-silencesoft-rss-reader-plugin-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve	audit@patchstack.com	N/A

Hyperlink: https://patchstack.com/database/Wordpress/Plugin/external-rss-reader/vulnerability/wordpress-silencesoft-rss-reader-plugin-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve

Source: audit@patchstack.com

Resource: N/A

Similar CVEs

1204Records found

CVE-2023-27426

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 17.96%

7 Day CHG~0.00%

Published-30 Aug, 2023 | 12:57

Updated-24 Sep, 2024 | 19:22

WordPress NotifyVisitors Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Notifyvisitors NotifyVisitors plugin <= 1.0 versions.

Vendor-notifyvisitors Notifyvisitors

Product-notifyvisitors NotifyVisitors

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-35640

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.11% / 29.22%

7 Day CHG~0.00%

Published-03 Jun, 2024 | 07:16

Updated-02 Aug, 2024 | 03:14

WordPress Safety Exit plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tomas Cordero Safety Exit allows Stored XSS.This issue affects Safety Exit: from n/a through 1.7.0.

Vendor-Tomas Cordero

Product-Safety Exit

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25064

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-20 Mar, 2023 | 10:40

Updated-19 Feb, 2025 | 21:40

WordPress WP htpasswd Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matteo Candura WP htpasswd plugin <= 1.7 versions.

Vendor-wp_htpasswd_project Matteo Candura

Product-wp_htpasswd WP htpasswd

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26010

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-04 May, 2023 | 13:20

Updated-25 Feb, 2025 | 20:38

WordPress WPMobile.App Plugin <= 11.18 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMobile.App plugin <= 11.18 versions.

Vendor-amauri WPMobile.App

Product-wpmobile.app WPMobile.App

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-35732

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.11% / 28.91%

7 Day CHG~0.00%

Published-08 Jun, 2024 | 12:52

Updated-02 Aug, 2024 | 03:14

WordPress YITH Custom Login plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH Custom Login allows Stored XSS.This issue affects YITH Custom Login: from n/a through 1.7.0.

Vendor-Your Inspiration Solutions S.L.U. (YITH) (YITHEMES)

Product-yith_custom_login YITH Custom Login

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25059

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 52.54%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 08:40

Updated-10 Jan, 2025 | 19:03

WordPress avalex Plugin <= 3.0.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in avalex GmbH avalex – Automatically secure legal texts plugin <= 3.0.3 versions.

Vendor-avalex avalex GmbH

Product-avalex avalex – Automatically secure legal texts

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25458

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-04 May, 2023 | 19:24

Updated-09 Jan, 2025 | 15:28

WordPress TypeSquare Webfonts for ConoHa Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GMO Internet Group, Inc. TypeSquare Webfonts for ConoHa plugin <= 2.0.3 versions.

Vendor-gmo GMO Internet Group, Inc.

Product-typesquare_webfonts_for_conoha TypeSquare Webfonts for ConoHa

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25958

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.40%

7 Day CHG~0.00%

Published-12 May, 2023 | 15:15

Updated-09 Jan, 2025 | 15:16

WordPress Simple Tooltips Plugin <= 2.1.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Justin Saad Simple Tooltips plugin <= 2.1.4 versions.

Vendor-simple_tooltips_project Justin Saad

Product-simple_tooltips Simple Tooltips

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25460

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.40%

7 Day CHG~0.00%

Published-12 May, 2023 | 15:19

Updated-09 Jan, 2025 | 15:16

WordPress Easy Ad Manager Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodeSolz Easy Ad Manager plugin <= 1.0.0 versions.

Vendor-codesolz CodeSolz

Product-easy_ad_manager Easy Ad Manager

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25452

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.40%

7 Day CHG~0.00%

Published-08 May, 2023 | 12:18

Updated-09 Jan, 2025 | 15:25

WordPress CMS Press Plugin <= 0.2.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Pretty (prettyboymp) CMS Press plugin <= 0.2.3 versions.

Vendor-cms_press_project Michael Pretty (prettyboymp)

Product-cms_press CMS Press

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25465

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 17.96%

7 Day CHG~0.00%

Published-04 Sep, 2023 | 09:52

Updated-19 Feb, 2025 | 21:24

WordPress wp tell a friend popup form Plugin <= 7.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy wp tell a friend popup form plugin <= 7.1 versions.

Vendor-gopiplus Gopi Ramasamy

Product-wp-tell-a-friend-popup-form wp tell a friend popup form

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25484

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 16:50

Updated-09 Jan, 2025 | 15:34

WordPress Simple Yearly Archive Plugin <= 2.1.8 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliver Schlöbe Simple Yearly Archive plugin <= 2.1.8 versions.

Vendor-simple_yearly_archive_project Oliver Schlöbe

Product-simple_yearly_archive Simple Yearly Archive

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25962

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-04 May, 2023 | 12:47

Updated-09 Jan, 2025 | 15:28

WordPress Accordions Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari Accordion – Multiple Accordion or FAQs Builder plugin <= 2.3.0 versions.

Vendor-Biplob Adhikari (Oxilab Development)

Product-accordions Accordion – Multiple Accordion or FAQs Builder

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25702

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 12:39

Updated-10 Jan, 2025 | 18:57

WordPress Quick Paypal Payments Plugin <= 5.7.25 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.

Vendor-fullworksplugins Fullworks

Product-quick_paypal_payments Quick Paypal Payments

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26016

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-04 May, 2023 | 12:59

Updated-09 Jan, 2025 | 15:28

WordPress Simple Portfolio Gallery Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tauhidul Alam Simple Portfolio Gallery plugin <= 0.1 versions.

Vendor-simple_portfolio_gallery_project Tauhidul Alam

Product-simple_portfolio_gallery Simple Portfolio Gallery

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25796

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-03 May, 2023 | 11:08

Updated-19 Feb, 2025 | 21:32

WordPress WP BaiDu Submit Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Include WP BaiDu Submit plugin <= 1.2.1 versions.

Vendor-wp_baidu_submit_project Include

Product-wp_baidu_submit WP BaiDu Submit

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26000

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.04% / 11.48%

7 Day CHG~0.00%

Published-06 Jun, 2025 | 12:54

Updated-06 Jun, 2025 | 14:51

WordPress Bang tinh vay <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hanhdo205 Bang tinh vay allows Stored XSS. This issue affects Bang tinh vay: from n/a through 1.0.1.

Vendor-hanhdo205

Product-Bang tinh vay

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25710

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 11:34

Updated-09 Jan, 2025 | 15:35

WordPress Click to Call or Chat Buttons Plugin <= 1.4.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DIGITALBLUE Click to Call or Chat Buttons plugin <= 1.4.0 versions.

Vendor-digitalblue DIGITALBLUE

Product-click_to_call_or_chat_buttons Click to Call or Chat Buttons

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25451

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-23 Apr, 2023 | 10:41

Updated-10 Jan, 2025 | 18:44

WordPress CPO Content Types Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill CPO Content Types plugin <= 1.1.0 versions.

Vendor-wpchill WPChill

Product-cpo_content_types CPO Content Types

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25712

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 12:29

Updated-19 Feb, 2025 | 21:34

WordPress Opt-Out for Google Analytics Plugin <= 2.3.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-Buddy Google Analytics Opt-Out plugin <= 2.3.4 versions.

Vendor-wp-buddy WP-Buddy

Product-google_analytics_opt-out Google Analytics Opt-Out

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25992

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 20.81%

7 Day CHG~0.00%

Published-23 Mar, 2023 | 16:18

Updated-10 Jan, 2025 | 19:16

WordPress CM Answers Plugin <= 3.1.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeMindsSolutions CM Answers plugin <= 3.1.9 versions.

Vendor-cminds CreativeMindsSolutions

Product-cm_answers CM Answers

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25052

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.40%

7 Day CHG~0.00%

Published-08 May, 2023 | 12:39

Updated-09 Jan, 2025 | 15:25

WordPress Yandex.News Feed by Teplitsa Plugin <= 1.12.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa Yandex.News Feed by Teplitsa plugin <= 1.12.5 versions.

Vendor-te-st Teplitsa

Product-yandex.news_feed_by_teplitsa Yandex.News Feed by Teplitsa

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25795

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-20 Mar, 2023 | 10:28

Updated-13 Jan, 2025 | 15:50

WordPress Feed Changer Plugin <= 0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in WP-master.Ir Feed Changer & Remover plugin <= 0.2 versions.

Vendor-wp-master WP-master.ir

Product-feed_changer_\&_remover Feed Changer & Remover

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25781

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.40%

7 Day CHG~0.00%

Published-26 May, 2023 | 11:19

Updated-10 Oct, 2024 | 17:31

WordPress Upload File Type Settings Plugin Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sebastian Krysmanski Upload File Type Settings plugin <= 1.1 versions.

Vendor-upload_file_type_settings_plugin_project Sebastian Krysmanski

Product-upload_file_type_settings_plugin Upload File Type Settings Plugin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25782

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-20 Mar, 2023 | 09:49

Updated-02 Aug, 2024 | 11:32

WordPress Service Area Postcode Checker Plugin <= 2.0.8 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) vulnerability in Second2none Service Area Postcode Checker plugin <= 2.0.8 versions.

Vendor-plustime Second2none

Product-service_area_postcode_checker Service Area Postcode Checker

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25491

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.40%

7 Day CHG~0.00%

Published-06 May, 2023 | 22:55

Updated-02 Aug, 2024 | 13:44

WordPress JCH Optimize Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Samuel Marshall JCH Optimize plugin <= 3.2.2 versions.

Vendor-jch_optimize_project Samuel Marshall

Product-jch_optimize JCH Optimize

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-35768

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.28% / 51.38%

7 Day CHG~0.00%

Published-21 Jun, 2024 | 12:27

Updated-27 Feb, 2026 | 21:46

WordPress Page Builder: Live Composer plugin <= 1.5.42 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Live Composer Team Page Builder: Live Composer allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through 1.5.42.

Vendor-blueastral Live Composer Team

Product-page_builder\Page Builder: Live Composer

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25477

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 17.96%

7 Day CHG~0.00%

Published-01 Sep, 2023 | 10:38

Updated-24 Sep, 2024 | 19:07

WordPress Video Gallery Plugin <= 1.3.12 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yotuwp Video Gallery plugin <= 1.3.12 versions.

Vendor-yotuwp Yotuwp

Product-video_gallery Video Gallery

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-35646

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.11% / 29.22%

7 Day CHG~0.00%

Published-01 Jun, 2024 | 23:20

Updated-02 Aug, 2024 | 03:14

WordPress Smartarget Message Bar plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Smartarget Smartarget Message Bar allows Stored XSS.This issue affects Smartarget Message Bar: from n/a through 1.3.

Vendor-Smartarget

Product-Smartarget Message Bar

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25977

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-04 May, 2023 | 19:36

Updated-09 Jan, 2025 | 15:27

WordPress CPT – Speakers Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 9seeds.Com CPT – Speakers plugin <= 1.1 versions.

Vendor-9seeds 9seeds.com

Product-cpt_-_speakers CPT – Speakers

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25464

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 12:03

Updated-10 Jan, 2025 | 18:57

WordPress Twitch Player Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StreamWeasels Twitch Player plugin <= 2.1.0 versions.

Vendor-streamweasels StreamWeasels

Product-twitch_player Twitch Player

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25794

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-20 Mar, 2023 | 10:33

Updated-13 Jan, 2025 | 15:50

WordPress Nooz Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mighty Digital Nooz plugin <= 1.6.0 versions.

Vendor-nooz_project Mighty Digital

Product-nooz Nooz

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-35698

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.11% / 28.91%

7 Day CHG~0.00%

Published-08 Jun, 2024 | 14:19

Updated-29 Aug, 2024 | 17:11

WordPress YITH WooCommerce Tab Manager plugin <= 1.35.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Tab Manager allows Stored XSS.This issue affects YITH WooCommerce Tab Manager: from n/a through 1.35.0.

Vendor-Your Inspiration Solutions S.L.U. (YITH) (YITHEMES)

Product-yith_woocommerce_tab_manager YITH WooCommerce Tab Manager

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25792

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-03 May, 2023 | 10:15

Updated-19 Feb, 2025 | 21:32

WordPress WP Open Social Plugin <= 5.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XiaoMac WP Open Social plugin <= 5.0 versions.

Vendor-wp_open_social_project XiaoMac

Product-wp_open_social WP Open Social

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-35769

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.22% / 44.36%

7 Day CHG~0.00%

Published-21 Jun, 2024 | 12:07

Updated-02 Aug, 2024 | 03:14

WordPress Slideshow SE plugin <= 2.5.17 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in John West Slideshow SE allows Stored XSS.This issue affects Slideshow SE: from n/a through 2.5.17.

Vendor-slideshow_se_project John West

Product-slideshow_se Slideshow SE

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25984

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 21.09%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 12:07

Updated-25 Sep, 2024 | 16:50

WordPress Dovetail Plugin <= 1.2.13 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rigorous & Factory Pattern Dovetail plugin <= 1.2.13 versions.

Vendor-rigorous-digital Rigorous & Factory Pattern

Product-dovetail Dovetail

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25062

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.40% / 60.37%

7 Day CHG~0.00%

Published-06 Apr, 2023 | 13:59

Updated-10 Jan, 2025 | 19:03

WordPress Pinpoint Booking System Plugin <= 2.9.9.2.8 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.2.8 versions.

Vendor-pinpoint PINPOINT.WORLD

Product-pinpoint_booking_system Pinpoint Booking System

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25490

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 11:46

Updated-09 Jan, 2025 | 15:34

WordPress Archivist – Custom Archive Templates Plugin <= 1.7.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.4 versions.

Vendor-archivist_-_custom_archive_templates_project Eric Teubert

Product-archivist_-_custom_archive_templates Archivist – Custom Archive Templates

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26001

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.04% / 11.48%

7 Day CHG~0.00%

Published-06 Jun, 2025 | 12:54

Updated-06 Jun, 2025 | 14:27

WordPress Next Event Calendar <= 1.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marchetti Design Next Event Calendar allows Stored XSS. This issue affects Next Event Calendar: from n/a through 1.2.

Vendor-Marchetti Design

Product-Next Event Calendar

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25974

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-16 Jun, 2023 | 11:09

Updated-10 Oct, 2024 | 18:55

WordPress wp2syslog Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in psicosi448 wp2syslog plugin <= 1.0.5 versions.

Vendor-wp2syslog_project psicosi448

Product-wp2syslog wp2syslog

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25704

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-28 Mar, 2023 | 08:19

Updated-10 Jan, 2025 | 19:15

WordPress Interactive SVG Image Map Builder Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mehjabin Orthi Interactive SVG Image Map Builder plugin <= 1.0 versions.

Vendor-wpmart Mehjabin Orthi

Product-interactive_svg_image_map_builder Interactive SVG Image Map Builder

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25787

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-03 May, 2023 | 10:29

Updated-09 Jan, 2025 | 15:32

WordPress WP资源下载管理 Plugin <= 1.3.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wbolt team WP资源下载管理 plugin <= 1.3.9 versions.

Vendor-wp_resource_download_management_project Wbolt team

Product-wp_resource_download_management WP资源下载管理

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25972

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-15 Jun, 2023 | 12:28

Updated-02 Aug, 2024 | 11:39

WordPress Старт Plugin <= 3.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in IKSWEB WordPress Старт plugin <= 3.7 versions.

Vendor-iksweb IKSWEB

Product-wordpress_ctapt WordPress Старт

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25485

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-25 Apr, 2023 | 18:33

Updated-09 Jan, 2025 | 15:34

WordPress JSON Content Importer Plugin <= 1.3.15 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bernhard Kux JSON Content Importer plugin <= 1.3.15 versions.

Vendor-json-content-importer Bernhard Kux

Product-json_content_importer JSON Content Importer

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25705

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 12:33

Updated-19 Feb, 2025 | 21:34

WordPress WP Prayer Plugin <= 1.9.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Go Prayer WP Prayer plugin <= 1.9.6 versions.

Vendor-goprayer Go Prayer

Product-wp_prayer WP Prayer

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-26017

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-03 May, 2023 | 15:24

Updated-19 Feb, 2025 | 21:31

WordPress Jobs for WordPress Plugin <= 2.5.10.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BlueGlass Jobs for WordPress plugin <= 2.5.10.2 versions.

Vendor-blueglass BlueGlass

Product-jobs_for_wordpress Jobs for WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25786

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-03 May, 2023 | 10:47

Updated-09 Jan, 2025 | 15:31

WordPress Eyes Only: User Access Shortcode Plugin <= 1.8.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Thom Stark Eyes Only: User Access Shortcode plugin <= 1.8.2 versions.

Vendor-eyes_only_user_access_shortcode_project Thom Stark

Product-eyes_only_user_access_shortcode Eyes Only: User Access Shortcode

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25716

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-07 Apr, 2023 | 11:58

Updated-02 Aug, 2024 | 13:44

WordPress Announce from the Dashboard Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS)

Auth (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gqevu6bsiz Announce from the Dashboard plugin <= 1.5.1 versions.

Vendor-announce_from_the_dashboard_project gqevu6bsiz

Product-announce_from_the_dashboard Announce from the Dashboard

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25964

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.62%

7 Day CHG~0.00%

Published-13 Jun, 2023 | 14:07

Updated-01 Nov, 2024 | 14:02

WordPress We’re Open! Plugin <= 1.46 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Noah Hearle, Design Extreme We’re Open! plugin <= 1.46 versions.

Vendor-designextreme Noah Hearle, Design Extreme

Product-we\'re_open\!We’re Open!

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-25789

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.56%

7 Day CHG~0.00%

Published-03 May, 2023 | 10:43

Updated-02 Aug, 2024 | 13:44

WordPress Tapfiliate Plugin <= 3.0.12 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tapfiliate plugin <= 3.0.12 versions.

Vendor-tapfiliate Tapfiliate

Product-tapfiliate Tapfiliate

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-60183

Credits

WordPress Silencesoft RSS Reader Plugin <= 0.6 - Cross Site Scripting (XSS) Vulnerability

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs