ByteOS Network

Vulnerability Details :

CVE-2025-62140

Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3

Published At-31 Dec, 2025 | 13:24

Updated At-28 Apr, 2026 | 16:14

WordPress Locatoraid Store Locator plugin <= 3.9.68 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in plainware Locatoraid Store Locator locatoraid allows Stored XSS.This issue affects Locatoraid Store Locator: from n/a through <= 3.9.68.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Patchstack

Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3

Published At:31 Dec, 2025 | 13:24

Updated At:28 Apr, 2026 | 16:14

▼CVE Numbering Authority (CNA)

WordPress Locatoraid Store Locator plugin <= 3.9.68 - Cross Site Scripting (XSS) vulnerability

Affected Products

Vendor

plainware

Product

Locatoraid Store Locator

Collection URL

https://wordpress.org/plugins

Package Name

locatoraid

Default Status

unaffected

Versions

Affected

From 0 through 3.9.68 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Type: CWE

CWE ID: CWE-79

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Metrics

Version	Base score	Base severity	Vector
3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Impacts

CAPEC ID	Description
CAPEC-592	Stored XSS

CAPEC ID: CAPEC-592

Description: Stored XSS

Credits

finder

Dr. M Fahad Khan | Patchstack Bug Bounty Program

References

Hyperlink	Resource
https://patchstack.com/database/Wordpress/Plugin/locatoraid/vulnerability/wordpress-locatoraid-store-locator-plugin-3-9-65-cross-site-scripting-xss-vulnerability?_s_id=cve	vdb-entry

Hyperlink: https://patchstack.com/database/Wordpress/Plugin/locatoraid/vulnerability/wordpress-locatoraid-store-locator-plugin-3-9-65-cross-site-scripting-xss-vulnerability?_s_id=cve

Resource:

vdb-entry

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:audit@patchstack.com

Published At:31 Dec, 2025 | 14:15

Updated At:23 Apr, 2026 | 15:34

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Weaknesses

CWE ID	Type	Source
CWE-79	Secondary	audit@patchstack.com

CWE ID: CWE-79

Type: Secondary

Source: audit@patchstack.com

References

Hyperlink	Source	Resource
https://patchstack.com/database/Wordpress/Plugin/locatoraid/vulnerability/wordpress-locatoraid-store-locator-plugin-3-9-65-cross-site-scripting-xss-vulnerability?_s_id=cve	audit@patchstack.com	N/A

Hyperlink: https://patchstack.com/database/Wordpress/Plugin/locatoraid/vulnerability/wordpress-locatoraid-store-locator-plugin-3-9-65-cross-site-scripting-xss-vulnerability?_s_id=cve

Source: audit@patchstack.com

Resource: N/A

Similar CVEs

1268Records found

CVE-2023-41729

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.56%

7 Day CHG~0.00%

Published-02 Oct, 2023 | 07:39

Updated-28 Apr, 2026 | 16:08

WordPress SendPress Newsletters Plugin <= 1.22.3.31 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions.

Vendor-pressified SendPress

Product-sendpress SendPress Newsletters

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41949

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.56%

7 Day CHG~0.00%

Published-25 Sep, 2023 | 00:31

Updated-28 Apr, 2026 | 16:08

WordPress iFolders Plugin <= 1.5.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Avirtum iFolders plugin <= 1.5.0 versions.

Vendor-avirtum Avirtum

Product-ifolders iFolders

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41655

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.56%

7 Day CHG~0.00%

Published-29 Sep, 2023 | 13:24

Updated-28 Apr, 2026 | 16:08

WordPress authLdap Plugin <= 2.5.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Andreas Heigl authLdap plugin <= 2.5.9 versions.

Vendor-heiglandreas Andreas Heigl

Product-authldap authLdap

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41948

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.56%

7 Day CHG~0.00%

Published-25 Sep, 2023 | 00:36

Updated-28 Apr, 2026 | 16:08

WordPress Cookie Notice & Consent Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christoph Rado Cookie Notice & Consent plugin <= 1.6.0 versions.

Vendor-christophrado Christoph Rado

Product-cookie_notice_\&_consent Cookie Notice & Consent

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41661

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.09% / 24.93%

7 Day CHG~0.00%

Published-29 Sep, 2023 | 13:36

Updated-28 Apr, 2026 | 16:08

WordPress Smarty for WordPress Plugin <= 3.1.35 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <= 3.1.35 versions.

Vendor-smarty PressPage Entertainment Inc.

Product-smarty Smarty for WordPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41657

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.56%

7 Day CHG~0.00%

Published-29 Sep, 2023 | 13:29

Updated-28 Apr, 2026 | 16:08

WordPress HollerBox Plugin <= 2.3.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Groundhogg Inc. HollerBox plugin <= 2.3.2 versions.

Vendor-Groundhogg (Groundhogg Inc.)

Product-hollerbox HollerBox

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41736

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.56%

7 Day CHG~0.00%

Published-02 Oct, 2023 | 08:00

Updated-28 Apr, 2026 | 16:08

WordPress Email posts to subscribers Plugin <= 6.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Email posts to subscribers plugin <= 6.2 versions.

Vendor-gopiplus Gopi Ramasamy

Product-email_posts_to_subscribers Email posts to subscribers

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41800

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.56%

7 Day CHG~0.00%

Published-02 Oct, 2023 | 08:24

Updated-28 Apr, 2026 | 16:08

WordPress UniConsent Cookie Consent CMP for GDPR / CCPA Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in UniConsent UniConsent CMP for GDPR CPRA GPP TCF plugin <= 1.4.2 versions.

Vendor-uniconsent UniConsent

Product-cmp_for_gdpr_cpra_gpp_tcf UniConsent CMP for GDPR CPRA GPP TCF

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41733

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.56%

7 Day CHG~0.00%

Published-02 Oct, 2023 | 07:49

Updated-28 Apr, 2026 | 16:08

WordPress Back To The Top Button Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in YYDevelopment Back To The Top Button plugin <= 2.1.5 versions.

Vendor-yydevelopment YYDevelopment

Product-back_to_the_top_button Back To The Top Button

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-40604

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.13% / 31.53%

7 Day CHG~0.00%

Published-27 Sep, 2023 | 05:18

Updated-28 Apr, 2026 | 16:08

WordPress Cookies by JM Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jes Madsen Cookies by JM plugin <= 1.0 versions.

Vendor-jesmadsen Jes Madsen

Product-cookies_by_jm Cookies by JM

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41127

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.14% / 32.82%

7 Day CHG~0.00%

Published-30 Nov, 2023 | 12:19

Updated-28 Apr, 2026 | 16:08

WordPress Evergreen Content Poster Plugin <= 1.3.6.1 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Evergreen Content Poster Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media allows Stored XSS.This issue affects Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media: from n/a through 1.3.6.1.

Vendor-evergreencontentposter Evergreen Content Poster

Product-evergreen_content_poster Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41136

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.14% / 32.82%

7 Day CHG~0.00%

Published-30 Nov, 2023 | 12:13

Updated-28 Apr, 2026 | 16:08

WordPress Simple Long Form Plugin <= 2.2.2 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Laurence/OhMyBox.Info Simple Long Form allows Stored XSS.This issue affects Simple Long Form: from n/a through 2.2.2.

Vendor-ohmybox Laurence/OhMyBox.info

Product-simple_long_form Simple Long Form

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-40676

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.13% / 31.53%

7 Day CHG~0.00%

Published-27 Sep, 2023 | 06:45

Updated-28 Apr, 2026 | 16:08

WordPress Slimstat Analytics Plugin <= 5.0.8 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics plugin <= 5.0.8 versions.

Vendor-wp-slimstat Jason Crouse, VeronaLabs

Product-slimstat_analytics Slimstat Analytics

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41128

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.14% / 32.82%

7 Day CHG~0.00%

Published-30 Nov, 2023 | 12:16

Updated-28 Apr, 2026 | 16:08

WordPress WP Roadmap Plugin <= 1.0.8 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Iqonic Design WP Roadmap – Product Feedback Board allows Stored XSS.This issue affects WP Roadmap – Product Feedback Board: from n/a through 1.0.8.

Vendor-iqonic Iqonic Design

Product-wp_roadmap WP Roadmap – Product Feedback Board

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-40675

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.13% / 32.45%

7 Day CHG~0.00%

Published-27 Sep, 2023 | 07:22

Updated-28 Apr, 2026 | 16:08

WordPress Landing Page Builder Plugin <= 1.5.1.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PluginOps Landing Page Builder plugin <= 1.5.1.2 versions.

Vendor-pluginops PluginOps

Product-landing_page_builder Landing Page Builder

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-40560

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.13% / 31.53%

7 Day CHG~0.00%

Published-06 Sep, 2023 | 08:08

Updated-28 Apr, 2026 | 16:08

WordPress Schedule Posts Calendar Plugin <= 5.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Greg Ross Schedule Posts Calendar plugin <= 5.2 versions.

Vendor-toolstack Greg Ross

Product-schedule_posts_calendar Schedule Posts Calendar

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-40680

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.25% / 48.64%

7 Day CHG+0.06%

Published-30 Nov, 2023 | 12:21

Updated-28 Apr, 2026 | 16:08

WordPress Yoast SEO Plugin <= 21.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Yoast Yoast SEO allows Stored XSS.This issue affects Yoast SEO: from n/a through 21.0.

Vendor-yoast Team Yoast

Product-yoast_seo Yoast SEO

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-40552

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.13% / 31.53%

7 Day CHG~0.00%

Published-06 Sep, 2023 | 08:11

Updated-28 Apr, 2026 | 16:08

WordPress Fitness calculators plugin Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gurcharan Singh Fitness calculators plugin plugin <= 2.0.7 versions.

Vendor-codeinitiator Gurcharan Singh

Product-fitness_calculators_plugin Fitness calculators plugin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-40677

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.15% / 34.78%

7 Day CHG~0.00%

Published-27 Sep, 2023 | 07:25

Updated-28 Apr, 2026 | 16:08

WordPress Vertical Marquee Plugin Plugin <= 7.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Vertical marquee plugin <= 7.1 versions.

Vendor-gopiplus Gopi Ramasamy

Product-vertical_marquee Vertical marquee plugin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-40668

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.13% / 32.45%

7 Day CHG~0.00%

Published-27 Sep, 2023 | 06:31

Updated-28 Apr, 2026 | 16:08

WordPress Save as PDF plugin by Pdfcrowd Plugin <= 2.16.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd plugin <= 2.16.0 versions.

Vendor-pdfcrowd Pdfcrowd

Product-save_as_pdf Save as PDF plugin by Pdfcrowd

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-40665

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.15% / 34.78%

7 Day CHG~0.00%

Published-27 Sep, 2023 | 06:24

Updated-28 Apr, 2026 | 16:08

WordPress Save as Image plugin by Pdfcrowd Plugin <= 2.16.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pdfcrowd Save as Image plugin by Pdfcrowd plugin <= 2.16.0 versions.

Vendor-pdfcrowd Pdfcrowd

Product-save_as_image Save as Image plugin by Pdfcrowd

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-40681

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.56%

7 Day CHG~0.00%

Published-31 Oct, 2023 | 09:48

Updated-28 Apr, 2026 | 16:08

WordPress Groundhogg Plugin <= 2.7.11.10 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Groundhogg Inc. Groundhogg plugin <= 2.7.11.10 versions.

Vendor-Groundhogg (Groundhogg Inc.)

Product-groundhogg Groundhogg

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41242

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.13% / 32.45%

7 Day CHG~0.00%

Published-27 Sep, 2023 | 12:36

Updated-28 Apr, 2026 | 16:08

WordPress Snap Pixel Plugin <= 1.5.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hassan Ali Snap Pixel plugin <= 1.5.7 versions.

Vendor-creativehassan Hassan Ali

Product-snap_pixel Snap Pixel

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41241

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.15% / 34.78%

7 Day CHG~0.00%

Published-27 Sep, 2023 | 12:32

Updated-28 Apr, 2026 | 16:08

WordPress SureCart Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SureCart WordPress Ecommerce For Creating Fast Online Stores plugin <= 2.5.0 versions.

Vendor-surecart SureCart

Product-surecart WordPress Ecommerce For Creating Fast Online Stores

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-39924

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.14% / 33.38%

7 Day CHG~0.00%

Published-24 Oct, 2023 | 11:51

Updated-28 Apr, 2026 | 16:08

WordPress Simple File List Plugin <= 6.1.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mitchell Bennis Simple File List plugin <= 6.1.9 versions.

Vendor-simplefilelist Mitchell Bennis

Product-simple_file_list Simple File List

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-39919

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.07% / 21.04%

7 Day CHG~0.00%

Published-04 Sep, 2023 | 10:01

Updated-28 Apr, 2026 | 16:08

WordPress wpShopGermany – Protected Shops Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in maennchen1.De wpShopGermany – Protected Shops plugin <= 2.0 versions.

Vendor-maennchen1 maennchen1.de

Product-wpshopgermany_-_protected_shops wpShopGermany – Protected Shops

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-40007

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.13% / 31.53%

7 Day CHG~0.00%

Published-06 Sep, 2023 | 08:29

Updated-28 Apr, 2026 | 16:08

WordPress CT Commerce Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ujwol Bastakoti CT Commerce plugin <= 2.0.1 versions.

Vendor-ujwolbastakoti Ujwol Bastakoti

Product-ct_commerce CT Commerce

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-40206

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.56%

7 Day CHG~0.00%

Published-04 Sep, 2023 | 10:43

Updated-28 Apr, 2026 | 16:08

WordPress WP 404 Auto Redirect to Similar Post Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in hwk-fr WP 404 Auto Redirect to Similar Post plugin <= 1.0.3 versions.

Vendor-hwk hwk-fr

Product-wp_404_auto_redirect_to_similar_post WP 404 Auto Redirect to Similar Post

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-40328

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.13% / 31.53%

7 Day CHG~0.00%

Published-06 Sep, 2023 | 08:26

Updated-28 Apr, 2026 | 16:08

WordPress Carrot Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Carrrot plugin <= 1.1.0 versions.

Vendor-carrrot Carrrot

Product-carrrot Carrrot

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-4234

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.12% / 30.22%

7 Day CHG~0.00%

Published-26 Apr, 2024 | 12:57

Updated-28 Apr, 2026 | 16:10

WordPress Filterable Portfolio plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sayful Islam Filterable Portfolio allows Stored XSS.This issue affects Filterable Portfolio: from n/a through 1.6.4.

Vendor-Sayful Islam

Product-Filterable Portfolio

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-43137

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.16% / 36.48%

7 Day CHG~0.00%

Published-12 Aug, 2024 | 22:26

Updated-28 Apr, 2026 | 16:10

WordPress WappPress Basic plugin <= 6.0.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WappPress Team WappPress allows Stored XSS.This issue affects WappPress: from n/a through 6.0.4.

Vendor-WappPress Team

Product-WappPress

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-39987

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.56%

7 Day CHG~0.00%

Published-04 Sep, 2023 | 10:09

Updated-28 Apr, 2026 | 16:08

WordPress wSecure Lite Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay Lulia wSecure Lite plugin <= 2.5 versions.

Vendor-JoomlaServiceProvider

Product-wsecure wSecure Lite

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-39921

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.14% / 32.82%

7 Day CHG~0.00%

Published-30 Nov, 2023 | 15:47

Updated-28 Apr, 2026 | 16:08

WordPress Molongui Plugin <= 4.6.19 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molongui Author Box, Guest Author and Co-Authors for Your Posts – Molongui allows Stored XSS.This issue affects Author Box, Guest Author and Co-Authors for Your Posts – Molongui: from n/a through 4.6.19.

Vendor-amitzy Molongui

Product-molongui Author Box, Guest Author and Co-Authors for Your Posts – Molongui

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-40329

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.13% / 31.53%

7 Day CHG~0.00%

Published-06 Sep, 2023 | 08:24

Updated-28 Apr, 2026 | 16:08

WordPress Custom Admin Login Page | WPZest Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPZest Custom Admin Login Page | WPZest plugin <= 1.2.0 versions.

Vendor-wpzest WPZest

Product-custom_admin_login_page_\|_wpzest_plugin Custom Admin Login Page | WPZest

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-38397

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.25%

7 Day CHG~0.00%

Published-10 Aug, 2023 | 13:19

Updated-28 Apr, 2026 | 16:08

WordPress Gestion-Pymes Plugin <= 1.5.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eggemplo Gestion-Pymes plugin <= 1.5.6 versions.

Vendor-eggemplo Eggemplo

Product-gestion-pymes Gestion-Pymes

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-37993

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.25%

7 Day CHG~0.00%

Published-27 Jul, 2023 | 13:46

Updated-28 Apr, 2026 | 16:08

WordPress wpShopGermany IT-RECHT KANZLEI Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS)

Auth. Stored Cross-Site Scripting (XSS) vulnerability in maennchen1.De wpShopGermany IT-RECHT KANZLEI plugin <= 1.7 versions.

Vendor-maennchen1 maennchen1.de

Product-wpshopgermany_it-recht_kanzlei wpShopGermany IT-RECHT KANZLEI

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-38482

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.56%

7 Day CHG~0.00%

Published-03 Sep, 2023 | 11:38

Updated-28 Apr, 2026 | 16:08

WordPress Post Affiliate Pro Plugin <= 1.25.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QualityUnit Post Affiliate Pro plugin <= 1.25.0 versions.

Vendor-qualityunit QualityUnit

Product-post_affiliate_pro Post Affiliate Pro

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-38521

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.56%

7 Day CHG~0.00%

Published-03 Sep, 2023 | 11:08

Updated-28 Apr, 2026 | 16:08

WordPress Exifography Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Exifography plugin <= 1.3.1 versions.

Vendor-kristarella Exifography

Product-exifography Exifography

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-37986

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.56%

7 Day CHG~0.00%

Published-01 Sep, 2023 | 11:09

Updated-28 Apr, 2026 | 16:08

WordPress YourMembership Single Sign On Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in miniOrange YourMembership Single Sign On – YM SSO Login plugin <= 1.1.3 versions.

Vendor-minorange miniOrange

Product-wordpress_yourmembership_single_sign-on YourMembership Single Sign On – YM SSO Login

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-38517

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.56%

7 Day CHG~0.00%

Published-03 Sep, 2023 | 11:20

Updated-28 Apr, 2026 | 16:08

WordPress WRC Pricing Tables Plugin <= 2.3.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Realwebcare WRC Pricing Tables plugin <= 2.3.7 versions.

Vendor-realwebcare Realwebcare

Product-wrc_pricing_tables WRC Pricing Tables

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-4096

Matching Score-4

Assigner-WPScan

View Details

Matching Score-4

Assigner-WPScan

CVSS Score-5.9||MEDIUM

EPSS-0.17% / 37.87%

7 Day CHG~0.00%

Published-30 Jul, 2024 | 06:00

Updated-28 May, 2025 | 00:52

Responsive Tabs <= 4.0.8 - Contributor+ Stored XSS

The Responsive Tabs WordPress plugin through 4.0.8 does not sanitise and escape some of its Tab settings, which could allow high privilege users such as Contributors and above to perform Stored Cross-Site Scripting attacks

Vendor-wpdarko Unknown wpdarko

Product-responsive_tabs Responsive Tabs responsive_tabs

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-51361

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.12% / 30.75%

7 Day CHG~0.00%

Published-29 Dec, 2023 | 11:01

Updated-28 Apr, 2026 | 16:09

WordPress Sticky Chat Widget Plugin <= 1.1.8 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ginger Plugins Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button allows Stored XSS.This issue affects Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button: from n/a through 1.1.8.

Vendor-gingerplugins Ginger Plugins

Product-sticky_chat_widget Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-37980

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 23.25%

7 Day CHG~0.00%

Published-27 Jul, 2023 | 13:59

Updated-28 Apr, 2026 | 16:08

WordPress Custom Field For WP Job Manager Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gravity Master Custom Field For WP Job Manager plugin <= 1.1 versions.

Vendor-custom_field_for_wp_job_manager_project Gravity Master

Product-custom_field_for_wp_job_manager Custom Field For WP Job Manager

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-38476

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.56%

7 Day CHG~0.00%

Published-03 Sep, 2023 | 11:43

Updated-28 Apr, 2026 | 16:08

WordPress Client Portal : SuiteDash Direct Login Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SuiteDash :: ONE Dashboard® Client Portal : SuiteDash Direct Login plugin <= 1.7.6 versions.

Vendor-suitedash SuiteDash :: ONE Dashboard®

Product-client_portal_\Client Portal : SuiteDash Direct Login

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-38387

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.56%

7 Day CHG~0.00%

Published-03 Sep, 2023 | 11:13

Updated-28 Apr, 2026 | 16:08

WordPress Elastic Email Sender Plugin <= 1.2.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Elastic Email Sender plugin <= 1.2.6 versions.

Vendor-elasticemail Elastic Email Sender

Product-elastic_email_sender Elastic Email Sender

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-49190

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.14% / 32.82%

7 Day CHG~0.00%

Published-15 Dec, 2023 | 15:10

Updated-28 Apr, 2026 | 16:08

WordPress Site Offline Plugin <= 1.5.6 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chandra Shekhar Sahu Site Offline Or Coming Soon Or Maintenance Mode allows Stored XSS.This issue affects Site Offline Or Coming Soon Or Maintenance Mode: from n/a through 1.5.6.

Vendor-freehtmldesigns Chandra Shekhar Sahu

Product-site_offline Site Offline Or Coming Soon Or Maintenance Mode

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-38518

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 19.56%