Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-28083

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-26 Feb, 2026 | 08:33
Updated At-26 Feb, 2026 | 14:46
Rejected At-
Credits

WordPress Flatsome theme <= 3.20.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UX-themes Flatsome flatsome allows Stored XSS.This issue affects Flatsome: from n/a through <= 3.20.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:26 Feb, 2026 | 08:33
Updated At:26 Feb, 2026 | 14:46
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Flatsome theme <= 3.20.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UX-themes Flatsome flatsome allows Stored XSS.This issue affects Flatsome: from n/a through <= 3.20.1.

Affected Products
Vendor
UX-themes
Product
Flatsome
Collection URL
https://wordpress.org/plugins
Package Name
flatsome
Default Status
unaffected
Versions
Affected
  • From n/a through <= 3.20.1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-592Stored XSS
CAPEC ID: CAPEC-592
Description: Stored XSS
Solutions
Configurations
Workarounds
Exploits
Credits
finder
João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/Wordpress/Theme/flatsome/vulnerability/wordpress-flatsome-theme-3-20-1-cross-site-scripting-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/Wordpress/Theme/flatsome/vulnerability/wordpress-flatsome-theme-3-20-1-cross-site-scripting-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:26 Feb, 2026 | 09:16
Updated At:27 Feb, 2026 | 14:06

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UX-themes Flatsome flatsome allows Stored XSS.This issue affects Flatsome: from n/a through <= 3.20.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-79Secondaryaudit@patchstack.com
CWE ID: CWE-79
Type: Secondary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/Wordpress/Theme/flatsome/vulnerability/wordpress-flatsome-theme-3-20-1-cross-site-scripting-xss-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/Wordpress/Theme/flatsome/vulnerability/wordpress-flatsome-theme-3-20-1-cross-site-scripting-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2534Records found
CVE-2024-34687
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.62%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 03:56
Updated-23 Oct, 2025 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application server for ABAP and ABAP Platform

SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data, including accessing or deleting files, or stealing session cookies which an attacker could use to hijack a user’s session. Hence, this could have impact on Confidentiality, Integrity and Availability of the system.

Action-Not Available
Vendor-SAP SE
Product-sap_basisSAP NetWeaver Application server for ABAP and ABAP Platformsap_netweaver_application_server_for_abap_and_abap_platform
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35719
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.47%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 13:16
Updated-29 Aug, 2024 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RestroPress plugin <= 3.1.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagniGenie RestroPress allows Stored XSS.This issue affects RestroPress: from n/a through 3.1.2.1.

Action-Not Available
Vendor-magnigenieMagniGenie
Product-restropressRestroPress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35713
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.49%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 13:36
Updated-29 Aug, 2024 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Testimonial Carousel For Elementor plugin <= 10.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UAPP GROUP Testimonial Carousel For Elementor allows Stored XSS.This issue affects Testimonial Carousel For Elementor: from n/a through 10.1.1.

Action-Not Available
Vendor-uappUAPP GROUPuapp_group
Product-testimonial_carousel_for_elementorTestimonial Carousel For Elementortestimonial_carousel_for_elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35739
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.47%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 12:42
Updated-14 Apr, 2025 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress The Post Grid plugin <= 7.7.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RadiusTheme The Post Grid allows Stored XSS.This issue affects The Post Grid: from n/a through 7.7.1.

Action-Not Available
Vendor-radiusthemeRadiusTheme
Product-the_post_gridThe Post Grid
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35675
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.47%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 16:07
Updated-26 Nov, 2024 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Woo Labels plugin <= 1.93 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ILLID Advanced Woo Labels allows Cross-Site Scripting (XSS).This issue affects Advanced Woo Labels: from n/a through 1.93.

Action-Not Available
Vendor-advanced-woo-labelsILLID
Product-advanced_woo_labelsAdvanced Woo Labels
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35651
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.47%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 14:15
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Flow Plus plugin <= 5.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS.This issue affects WP Flow Plus: from n/a through 5.2.2.

Action-Not Available
Vendor-spiffypluginsSpiffy Plugins
Product-wp_flow_plusWP Flow Plus
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35740
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.47%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 12:40
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pixgraphy theme <= 1.3.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Freesia Pixgraphy allows Stored XSS.This issue affects Pixgraphy: from n/a through 1.3.8.

Action-Not Available
Vendor-themefreesiaTheme Freesia
Product-pixgraphyPixgraphy
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34795
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.47%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 10:44
Updated-07 Mar, 2025 | 11:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tainacan plugin <= 0.21.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tainacan.Org Tainacan allows Stored XSS.This issue affects Tainacan: from n/a through 0.21.3.

Action-Not Available
Vendor-tainacanTainacan.org
Product-tainacanTainacan
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35763
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.56%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 12:34
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Excellent theme <= 1.2.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Freesia Excellent allows Stored XSS.This issue affects Excellent: from n/a through 1.2.9.

Action-Not Available
Vendor-themefreesiaTheme Freesia
Product-excellentExcellent
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35654
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.47%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 13:58
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Responsive theme <= 5.0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CyberChimps Responsive allows Stored XSS.This issue affects Responsive: from n/a through 5.0.3.

Action-Not Available
Vendor-CyberChimps Inc.
Product-responsiveResponsive
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35688
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.49%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 14:41
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Master Addons for Elementor plugin <= 2.0.5.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through 2.0.5.9.

Action-Not Available
Vendor-Jewel Theme
Product-Master Addons for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34571
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 54.20%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 09:39
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Himalayas theme <= 1.3.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGrill Himalayas allows Stored XSS.This issue affects Himalayas: from n/a through 1.3.0.

Action-Not Available
Vendor-ThemeGrill
Product-Himalayas
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34548
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 55.58%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 11:29
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress All-in-One Addons for Elementor – WidgetKit plugin <= 2.4.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesgrove WidgetKit allows Stored XSS.This issue affects WidgetKit: from n/a through 2.4.8.

Action-Not Available
Vendor-Themesgrove
Product-WidgetKit
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35704
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.47%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 14:12
Updated-29 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BlockArt Blocks plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPBlockArt BlockArt Blocks allows Stored XSS.This issue affects BlockArt Blocks: from n/a through 2.1.5.

Action-Not Available
Vendor-wpblockartWPBlockArt
Product-blockart_blocksBlockArt Blocks
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34573
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.37%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 09:00
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pootle Pagebuilder plugin <= 5.7.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pootlepress Pootle Pagebuilder – WordPress Page builder allows Stored XSS.This issue affects Pootle Pagebuilder – WordPress Page builder: from n/a through 5.7.1.

Action-Not Available
Vendor-Pootlepress
Product-Pootle Pagebuilder – WordPress Page builder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34770
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.38%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 11:13
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Popup Maker WP plugin <= 1.2.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Popup Maker Popup Maker WP allows Stored XSS.This issue affects Popup Maker WP: from n/a through 1.2.8.

Action-Not Available
Vendor-Popup Makerpopup_maker
Product-Popup Maker WPpopup_maker_wp
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35167
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 37.26%
||
7 Day CHG~0.00%
Published-13 May, 2024 | 10:02
Updated-25 Mar, 2025 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <=1.4.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS.This issue affects Envo's Elementor Templates & Widgets for WooCommerce: from n/a through 1.4.8.

Action-Not Available
Vendor-envothemesEnvoThemes
Product-envo\'s_elementor_templates_\&_widgets_for_woocommerceEnvo's Elementor Templates & Widgets for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35695
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.47%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 14:22
Updated-29 Aug, 2024 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Docs plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Fahad Mahmood WP Docs allows Stored XSS.This issue affects WP Docs: from n/a through 2.1.3.

Action-Not Available
Vendor-fahadmahmoodFahad Mahmood
Product-wp_docsWP Docs
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35731
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.47%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 12:53
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Kenta Gutenberg Blocks plugin <= 1.3.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Moose Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor allows Stored XSS.This issue affects Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor: from n/a through 1.3.9.

Action-Not Available
Vendor-wpmooseWP Moose
Product-kenta_blocksKenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35649
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 48.84%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 14:17
Updated-09 Oct, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Save as PDF Plugin by Pdfcrowd plugin <= 3.2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS.This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 3.2.3.

Action-Not Available
Vendor-pdfcrowdPdfcrowd
Product-save_as_pdfSave as PDF plugin by Pdfcrowd
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34801
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.38%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 10:32
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Praison SEO WordPress plugin <= 4.0.15 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mervin Praison Praison SEO WordPress allows Stored XSS.This issue affects Praison SEO WordPress: from n/a through 4.0.15.

Action-Not Available
Vendor-Mervin Praison
Product-Praison SEO WordPress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34757
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 51.90%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 05:59
Updated-10 Apr, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Visualmodo Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg allows Stored XSS.This issue affects Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg: from n/a through 1.5.3.

Action-Not Available
Vendor-visualmodoVisualmodovisualmodo
Product-borderlessBorderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenbergborderless
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35707
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.47%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 14:05
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Heateor Social Login WordPress plugin <= 1.1.32 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login allows Stored XSS.This issue affects Heateor Social Login: from n/a through 1.1.32.

Action-Not Available
Vendor-Heateor
Product-social_loginHeateor Social Login
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35699
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.47%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 14:17
Updated-29 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HT Feed plugin <= 1.2.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HasThemes HT Feed allows Stored XSS.This issue affects HT Feed: from n/a through 1.2.8.

Action-Not Available
Vendor-HasTech IT Limited (HasThemes)
Product-ht_feedHT Feedht_feed
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34766
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.38%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 11:37
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ChaosTheory theme <= 1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic ChaosTheory allows Stored XSS.This issue affects ChaosTheory: from n/a through 1.3.

Action-Not Available
Vendor-Automattic Inc.
Product-ChaosTheory
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35762
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.56%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 12:35
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Serious Slider plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cryout Creations Serious Slider allows Stored XSS.This issue affects Serious Slider: from n/a through 1.2.4.

Action-Not Available
Vendor-cryoutcreationsCryout Creations
Product-serious_sliderSerious Slider
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35709
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.49%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 14:03
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress The Plus Addons for Elementor plugin <= 5.5.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.5.4.

Action-Not Available
Vendor-posimythPOSIMYTH
Product-the_plus_addons_for_elementorThe Plus Addons for Elementor Page Builder Lite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34767
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.47%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 11:36
Updated-25 Nov, 2025 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ShopLentor plugin <= 2.8.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HasThemes ShopLentor allows Stored XSS.This issue affects ShopLentor: from n/a through 2.8.7.

Action-Not Available
Vendor-HasTech IT Limited (HasThemes)
Product-shoplentorShopLentor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35711
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.47%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 13:59
Updated-29 Aug, 2024 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Event theme <= 1.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Freesia Event allows Stored XSS.This issue affects Event: from n/a through 1.2.2.

Action-Not Available
Vendor-themefreesiaTheme Freesia
Product-eventEvent
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35708
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.47%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 14:04
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rife Free theme <= 2.4.19 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in apollo13themes Rife Free allows Stored XSS.This issue affects Rife Free: from n/a through 2.4.19.

Action-Not Available
Vendor-apollo13themesapollo13themes
Product-rife_freeRife Free
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34769
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.38%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 11:15
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Elegant Blocks – Amazing Gutenberg Blocks plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in cyclonetheme Elegant Blocks allows Stored XSS.This issue affects Elegant Blocks: from n/a through 1.7.

Action-Not Available
Vendor-cyclonetheme
Product-Elegant Blocks
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35703
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.49%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 14:14
Updated-29 Aug, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sina Extension for Elementor plugin <= 3.5.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SinaExtra Sina Extension for Elementor allows Stored XSS.This issue affects Sina Extension for Elementor: from n/a through 3.5.3.

Action-Not Available
Vendor-sinaextraSinaExtra
Product-sina_extension_for_elementorSina Extension for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34547
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 51.90%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 11:31
Updated-28 Jan, 2025 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Magical Addons For Elementor plugin <= 1.1.34 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through 1.1.34.

Action-Not Available
Vendor-wpthemespaceNoor alam
Product-magical_addons_for_elementorMagical Addons For Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35782
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.49%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 13:46
Updated-02 Aug, 2024 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cowidgets – Elementor Addons plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Codeless Cowidgets – Elementor Addons allows Stored XSS.This issue affects Cowidgets – Elementor Addons: from n/a through 1.1.1.

Action-Not Available
Vendor-codelessCodeless
Product-cowidgets_-_elementorCowidgets – Elementor Addons
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35705
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.47%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 14:11
Updated-29 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Block for Font Awesome plugin <= 1.4.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ciprian Popescu Block for Font Awesome allows Stored XSS.This issue affects Block for Font Awesome: from n/a through 1.4.4.

Action-Not Available
Vendor-getbutterflyCiprian Popescu
Product-block_for_font_awesomeBlock for Font Awesome
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35753
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.47%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 10:33
Updated-02 Jun, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TemplatesNext OnePager plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TemplatesNext TemplatesNext OnePager allows Stored XSS.This issue affects TemplatesNext OnePager: from n/a through 1.3.3.

Action-Not Available
Vendor-templatesnextTemplatesNext
Product-onepagerTemplatesNext OnePager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35681
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.41%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 15:00
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress wpDiscuz plugin <= 7.6.18 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in gVectors Team wpDiscuz allows Stored XSS.This issue affects wpDiscuz: from n/a through 7.6.18.

Action-Not Available
Vendor-gvectorsgVectors Team
Product-wpdiscuzwpDiscuz
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35666
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.49%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 13:53
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Themesflat Addons For Elementor plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows Stored XSS.This issue affects Themesflat Addons For Elementor: from n/a through 2.1.2.

Action-Not Available
Vendor-themesflatThemesflatthemesflat
Product-themesflat_addons_for_elementorThemesflat Addons For Elementorthemesflat_addons_for_elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34765
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 38.15%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 14:44
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sensei Pro (WC Paid Courses) plugin <= 4.23.1.1.23.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sensei Sensei Pro (WC Paid Courses) allows Stored XSS.This issue affects Sensei Pro (WC Paid Courses): from n/a through 4.23.1.1.23.1.

Action-Not Available
Vendor-Sensei
Product-Sensei Pro (WC Paid Courses)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33916
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 24.56%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 07:18
Updated-02 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CPO Companion plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MachoThemes CPO Companion allows Stored XSS.This issue affects CPO Companion: from n/a through 1.1.0.

Action-Not Available
Vendor-MachoThemes
Product-CPO Companion
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33949
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.68%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 16:46
Updated-02 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Min and Max Purchase for WooCommerce plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vark Min and Max Purchase for WooCommerce allows Stored XSS.This issue affects Min and Max Purchase for WooCommerce: from n/a through 2.0.0.

Action-Not Available
Vendor-Vark
Product-Min and Max Purchase for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34390
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.37%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 18:21
Updated-09 Jun, 2025 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post Grid Master plugin <= 3.4.8 - Auth. Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Stored XSS.This issue affects Post Grid Master: from n/a through 3.4.8.

Action-Not Available
Vendor-AddonMaster (Akhtarujjaman Shuvo)
Product-post_grid_masterPost Grid Master
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34436
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.66%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 11:05
Updated-02 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SKT Addons for Elementor plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS.This issue affects SKT Addons for Elementor: from n/a through 1.8.

Action-Not Available
Vendor-Sonl Sinha (SKT Web Themes LLC)
Product-SKT Addons for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33954
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.68%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 11:18
Updated-02 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pliska theme <= 0.3.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atanas Yonkov Pliska allows Stored XSS.This issue affects Pliska: from n/a through 0.3.5.

Action-Not Available
Vendor-Atanas Yonkov
Product-Pliska
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33945
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.37%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 06:57
Updated-02 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Eleblog – Elementor Blog And Magazine Addons plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in solverwp.Com Eleblog – Elementor Blog And Magazine Addons allows Stored XSS.This issue affects Eleblog – Elementor Blog And Magazine Addons: from n/a through 1.8.

Action-Not Available
Vendor-solverwp.com
Product-Eleblog – Elementor Blog And Magazine Addons
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34381
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.66%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 18:23
Updated-31 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PropertyHive plugin <= 2.0.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PropertyHive allows Stored XSS.This issue affects PropertyHive: from n/a through 2.0.10.

Action-Not Available
Vendor-wp-property-hivePropertyHivepropertyhive
Product-propertyhivePropertyHivepropertyhive
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33934
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.68%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 07:07
Updated-02 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mini Loops plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kailey Lampert Mini Loops allows Stored XSS.This issue affects Mini Loops: from n/a through 1.4.1.

Action-Not Available
Vendor-Kailey LampertWordPress.org
Product-Mini Loopsmini_loops
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34445
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 37.26%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 11:00
Updated-02 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SKT Addons for Elementor plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS.This issue affects SKT Addons for Elementor: from n/a through 1.8.

Action-Not Available
Vendor-Sonl Sinha (SKT Web Themes LLC)
Product-SKT Addons for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34432
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.66%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 11:06
Updated-02 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Better Elementor Addons plugin <= 1.4.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BetterAddons Better Elementor Addons better-elementor-addons allows Stored XSS.This issue affects Better Elementor Addons: from n/a through 1.4.4.

Action-Not Available
Vendor-BetterAddons
Product-Better Elementor Addons
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33951
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.68%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 11:31
Updated-02 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Perfect Pullquotes plugin <= 1.7.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adam DeHaven Perfect Pullquotes allows Stored XSS.This issue affects Perfect Pullquotes: from n/a through 1.7.5.

Action-Not Available
Vendor-Adam DeHaven
Product-Perfect Pullquotes
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • ...
  • 40
  • 41
  • 42
  • ...
  • 50
  • 51
  • Next
Details not found