Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-32528

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-25 Mar, 2026 | 16:15
Updated At-29 Apr, 2026 | 09:52
Rejected At-
Credits

WordPress Riode | Multi-Purpose WooCommerce theme < 1.6.29 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Riode riode allows Reflected XSS.This issue affects Riode: from n/a through < 1.6.29.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:25 Mar, 2026 | 16:15
Updated At:29 Apr, 2026 | 09:52
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Riode | Multi-Purpose WooCommerce theme < 1.6.29 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Riode riode allows Reflected XSS.This issue affects Riode: from n/a through < 1.6.29.

Affected Products
Vendor
don-themes
Product
Riode
Collection URL
https://wordpress.org/plugins
Package Name
riode
Default Status
unaffected
Versions
Affected
  • From n/a through < 1.6.29 (custom)
    • -> unaffectedfrom1.6.29
Problem Types
TypeCWE IDDescription
CWECWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-591Reflected XSS
CAPEC ID: CAPEC-591
Description: Reflected XSS
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/Wordpress/Theme/riode/vulnerability/wordpress-riode-multi-purpose-woocommerce-theme-1-6-29-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/Wordpress/Theme/riode/vulnerability/wordpress-riode-multi-purpose-woocommerce-theme-1-6-29-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:25 Mar, 2026 | 17:17
Updated At:24 Apr, 2026 | 16:35

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Riode riode allows Reflected XSS.This issue affects Riode: from n/a through < 1.6.29.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-79Secondaryaudit@patchstack.com
CWE ID: CWE-79
Type: Secondary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/Wordpress/Theme/riode/vulnerability/wordpress-riode-multi-purpose-woocommerce-theme-1-6-29-reflected-cross-site-scripting-xss-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/Wordpress/Theme/riode/vulnerability/wordpress-riode-multi-purpose-woocommerce-theme-1-6-29-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2438Records found
CVE-2025-30852
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-1.11% / 78.26%
||
7 Day CHG+0.92%
Published-01 Apr, 2025 | 20:58
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Oracle Cards Lite plugin <= 1.2.1 - Reflected Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emotionalonlinestorytelling Oracle Cards Lite oracle-cards allows Reflected XSS.This issue affects Oracle Cards Lite: from n/a through <= 1.2.1.

Action-Not Available
Vendor-emotionalonlinestorytelling
Product-Oracle Cards Lite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-68518
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 3.08%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hoteller theme < 6.8.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Hoteller hoteller allows Reflected XSS.This issue affects Hoteller: from n/a through < 6.8.9.

Action-Not Available
Vendor-ThemeGoods
Product-Hoteller
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-68858
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.93%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress wpCAS plugin <= 1.07 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Casey Bisson wpCAS wpcas allows Reflected XSS.This issue affects wpCAS: from n/a through <= 1.07.

Action-Not Available
Vendor-Casey Bisson
Product-wpCAS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-68866
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 3.08%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Dinatur plugin <= 1.18 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woofer696 Dinatur dinatur allows Stored XSS.This issue affects Dinatur: from n/a through <= 1.18.

Action-Not Available
Vendor-woofer696
Product-Dinatur
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-69051
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.93%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ListingPro Reviews theme <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro Reviews listingpro-reviews allows Reflected XSS.This issue affects ListingPro Reviews: from n/a through < 2.9.11.

Action-Not Available
Vendor-CridioStudio
Product-ListingPro Reviews
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-69053
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.93%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Universal Video Player plugin <= 3.8.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player universal-video-player allows Reflected XSS.This issue affects Universal Video Player: from n/a through <= 3.8.4.

Action-Not Available
Vendor-LambertGroup
Product-Universal Video Player
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-68844
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.93%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:46
Updated-28 Apr, 2026 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Membee Login plugin <= 2.3.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DaleAB Membee Login membees-member-login-widget allows Reflected XSS.This issue affects Membee Login: from n/a through <= 2.3.6.

Action-Not Available
Vendor-DaleAB
Product-Membee Login
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-68878
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 19.90%
||
7 Day CHG~0.00%
Published-29 Dec, 2025 | 16:00
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Custom CSS plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prasadkirpekar Advanced Custom CSS advanced-custom-css allows Reflected XSS.This issue affects Advanced Custom CSS: from n/a through <= 1.1.0.

Action-Not Available
Vendor-prasadkirpekar
Product-Advanced Custom CSS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-69003
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.93%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress KenthaRadio theme <= 2.2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QantumThemes KenthaRadio qt-kentharadio allows Reflected XSS.This issue affects KenthaRadio: from n/a through <= 2.2.0.

Action-Not Available
Vendor-QantumThemes
Product-KenthaRadio
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-68894
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.93%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ShoutOut plugin <= 4.0.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shoutoutglobal ShoutOut shoutout allows Reflected XSS.This issue affects ShoutOut: from n/a through <= 4.0.2.

Action-Not Available
Vendor-shoutoutglobal
Product-ShoutOut
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-68501
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.93%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:46
Updated-28 Apr, 2026 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mollie Payments for WooCommerce plugin <= 8.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mollie Mollie Payments for WooCommerce mollie-payments-for-woocommerce allows Reflected XSS.This issue affects Mollie Payments for WooCommerce: from n/a through <= 8.1.1.

Action-Not Available
Vendor-Mollie
Product-Mollie Payments for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-68836
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 11.81%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 08:33
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Table of Contents Creator plugin <= 1.6.4.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Markbeljaars Table of Contents Creator allows Reflected XSS.This issue affects Table of Contents Creator: from n/a through 1.6.4.1.

Action-Not Available
Vendor-Markbeljaars
Product-Table of Contents Creator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-50901
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.17% / 37.29%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 11:06
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HT Mega Plugin <= 2.3.8 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Mega – Absolute Addons For Elementor allows Reflected XSS.This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.8.

Action-Not Available
Vendor-HasTech IT Limited (HasThemes)
Product-ht_megaHT Mega – Absolute Addons For Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-68887
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.02% / 5.25%
||
7 Day CHG~0.00%
Published-08 Jan, 2026 | 09:17
Updated-28 Apr, 2026 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP-BusinessDirectory plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory wp-businessdirectory allows Reflected XSS.This issue affects WP-BusinessDirectory: from n/a through <= 4.0.1.

Action-Not Available
Vendor-CMSJunkie - WordPress Business Directory Plugins
Product-WP-BusinessDirectory
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-68011
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.93%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GLS Shipping for WooCommerce plugin <= 1.4.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GLS GLS Shipping for WooCommerce gls-shipping-for-woocommerce allows Reflected XSS.This issue affects GLS Shipping for WooCommerce: from n/a through <= 1.4.0.

Action-Not Available
Vendor-GLS
Product-GLS Shipping for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-68846
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.93%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:46
Updated-28 Apr, 2026 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Asynchronous Javascript plugin <= 1.3.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paris Holley Asynchronous Javascript asynchronous-javascript allows Reflected XSS.This issue affects Asynchronous Javascript: from n/a through <= 1.3.5.

Action-Not Available
Vendor-Paris Holley
Product-Asynchronous Javascript
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-68854
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 3.08%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:46
Updated-28 Apr, 2026 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ID Arrays plugin <= 2.1.2 - POST-Based Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in harman79 ID Arrays id-arrays allows DOM-Based XSS.This issue affects ID Arrays: from n/a through <= 2.1.2.

Action-Not Available
Vendor-harman79
Product-ID Arrays
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-68879
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 19.90%
||
7 Day CHG~0.00%
Published-29 Dec, 2025 | 15:58
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Content Grid Slider plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in councilsoft Content Grid Slider content-grid-slider allows Reflected XSS.This issue affects Content Grid Slider: from n/a through <= 1.5.

Action-Not Available
Vendor-councilsoft
Product-Content Grid Slider
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-68520
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 3.08%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DotLife theme < 4.9.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods DotLife dotlife allows Reflected XSS.This issue affects DotLife: from n/a through < 4.9.5.

Action-Not Available
Vendor-ThemeGoods
Product-DotLife
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-68859
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.93%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Syntax Highlighter Compress plugin <= 3.0.83.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in agmorpheus Syntax Highlighter Compress syntax-highlighter-compress allows Reflected XSS.This issue affects Syntax Highlighter Compress: from n/a through <= 3.0.83.3.

Action-Not Available
Vendor-agmorpheus
Product-Syntax Highlighter Compress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-68864
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 3.08%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-29 Apr, 2026 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Infility Global plugin <= 2.15.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global infility-global allows Stored XSS.This issue affects Infility Global: from n/a through <= 2.15.11.

Action-Not Available
Vendor-Infility
Product-Infility Global
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-68835
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.93%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ravpage plugin <= 2.33 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matiskiba Ravpage ravpage allows Reflected XSS.This issue affects Ravpage: from n/a through <= 2.33.

Action-Not Available
Vendor-matiskiba
Product-Ravpage
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-68847
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.93%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:46
Updated-28 Apr, 2026 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress iSape plugin <= 0.72 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in itex iSape isape allows Reflected XSS.This issue affects iSape: from n/a through <= 0.72.

Action-Not Available
Vendor-itex
Product-iSape
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-69048
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.93%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Universal Video Player plugin <= 3.8.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player universal-video-player allows Reflected XSS.This issue affects Universal Video Player: from n/a through <= 3.8.4.

Action-Not Available
Vendor-LambertGroup
Product-Universal Video Player
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-68848
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.93%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:46
Updated-28 Apr, 2026 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress amr cron manager plugin <= 2.3 - Reflecte dCross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anmari amr cron manager amr-cron-manager allows Reflected XSS.This issue affects amr cron manager: from n/a through <= 2.3.

Action-Not Available
Vendor-anmari
Product-amr cron manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-68852
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.93%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:46
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Court Reservation plugin <= 1.10.13 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webmuehle Court Reservation court-reservation allows Reflected XSS.This issue affects Court Reservation: from n/a through <= 1.10.13.

Action-Not Available
Vendor-webmuehle
Product-Court Reservation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-67943
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.93%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:51
Updated-28 Apr, 2026 | 19:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress My auctions allegro plugin <= 3.6.32 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS.This issue affects My auctions allegro: from n/a through <= 3.6.32.

Action-Not Available
Vendor-wphocus
Product-My auctions allegro
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-67930
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 19.90%
||
7 Day CHG+0.02%
Published-08 Jan, 2026 | 09:17
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress eHive Search plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vernon Systems Limited eHive Search ehive-search allows Reflected XSS.This issue affects eHive Search: from n/a through <= 2.5.0.

Action-Not Available
Vendor-Vernon Systems Limited
Product-eHive Search
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-67972
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.93%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:46
Updated-28 Apr, 2026 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Prague plugin <= 2.2.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fox-themes Prague prague-plugins allows Reflected XSS.This issue affects Prague: from n/a through <= 2.2.8.

Action-Not Available
Vendor-fox-themes
Product-Prague
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-67618
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 2.07%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 08:31
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Brookside theme <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ArtstudioWorks Brookside allows Reflected XSS.This issue affects Brookside: from n/a through 1.4.

Action-Not Available
Vendor-ArtstudioWorks
Product-Brookside
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-67922
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 19.90%
||
7 Day CHG+0.02%
Published-08 Jan, 2026 | 09:17
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Grand Restaurant theme < 7.0.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Reflected XSS.This issue affects Grand Restaurant: from n/a through < 7.0.9.

Action-Not Available
Vendor-themegoodsThemeGoods
Product-grand_restaurantGrand Restaurant
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-67947
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.93%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:51
Updated-28 Apr, 2026 | 19:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AdForest Elementor plugin <= 3.0.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scriptsbundle AdForest Elementor adforest-elementor allows Reflected XSS.This issue affects AdForest Elementor: from n/a through <= 3.0.11.

Action-Not Available
Vendor-ScriptsBundle
Product-AdForest Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-67927
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 19.90%
||
7 Day CHG+0.02%
Published-08 Jan, 2026 | 09:17
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Link Whisper Free plugin <= 0.8.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spencer Haws Link Whisper Free link-whisper allows Reflected XSS.This issue affects Link Whisper Free: from n/a through <= 0.8.8.

Action-Not Available
Vendor-Spencer Haws
Product-Link Whisper Free
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-67614
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.93%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:51
Updated-28 Apr, 2026 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TheNa theme <= 1.5.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foreverpinetree TheNa thena allows Reflected XSS.This issue affects TheNa: from n/a through <= 1.5.5.

Action-Not Available
Vendor-foreverpinetree
Product-TheNa
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-67916
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 19.90%
||
7 Day CHG+0.02%
Published-08 Jan, 2026 | 09:17
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Jobify theme <= 4.3.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify Jobify jobify allows Reflected XSS.This issue affects Jobify: from n/a through <= 4.3.0.

Action-Not Available
Vendor-Astoundify
Product-Jobify
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-67964
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.01% / 3.08%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:51
Updated-28 Apr, 2026 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Homey Core plugin <= 2.4.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Homey Core homey-core allows Reflected XSS.This issue affects Homey Core: from n/a through <= 2.4.3.

Action-Not Available
Vendor-favethemes
Product-Homey Core
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-49574
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.1||HIGH
EPSS-0.11% / 28.27%
||
7 Day CHG~0.00%
Published-24 May, 2024 | 12:40
Updated-04 Mar, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_job in job_name. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.

Action-Not Available
Vendor-flexenseFlexense
Product-vx_searchVX Search Enterprise
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-49766
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.18% / 38.50%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 15:42
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ultimate Addons for Contact Form 7 Plugin <= 3.2.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate Addons for Contact Form 7 allows Stored XSS.This issue affects Ultimate Addons for Contact Form 7: from n/a through 3.2.0.

Action-Not Available
Vendor-themeficThemefic
Product-ultimate_addons_for_contact_form_7Ultimate Addons for Contact Form 7
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-67971
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.93%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:46
Updated-28 Apr, 2026 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FluentCart plugin < 1.3.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPManageNinja FluentCart fluent-cart allows Reflected XSS.This issue affects FluentCart: from n/a through < 1.3.0.

Action-Not Available
Vendor-WPManageNinja
Product-FluentCart
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-67984
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.93%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:46
Updated-28 Apr, 2026 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress NPS computy plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in calliko NPS computy nps-computy allows DOM-Based XSS.This issue affects NPS computy: from n/a through <= 2.8.2.

Action-Not Available
Vendor-calliko
Product-NPS computy
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-67959
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.93%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:51
Updated-28 Apr, 2026 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WorkScout theme <= 4.1.07 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes WorkScout workscout allows Reflected XSS.This issue affects WorkScout: from n/a through <= 4.1.07.

Action-Not Available
Vendor-purethemes
Product-WorkScout
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-67918
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 19.90%
||
7 Day CHG+0.02%
Published-08 Jan, 2026 | 09:17
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Woffice theme <= 5.4.30 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WofficeIO Woffice woffice allows Reflected XSS.This issue affects Woffice: from n/a through <= 5.4.30.

Action-Not Available
Vendor-WofficeIO
Product-Woffice
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-67933
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 19.90%
||
7 Day CHG+0.02%
Published-08 Jan, 2026 | 09:17
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Taskbuilder plugin <= 4.0.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in taskbuilder Taskbuilder taskbuilder allows Reflected XSS.This issue affects Taskbuilder: from n/a through <= 4.0.9.

Action-Not Available
Vendor-taskbuilder
Product-Taskbuilder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-50905
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.30%
||
7 Day CHG~0.00%
Published-29 Feb, 2024 | 05:35
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Activity Log Plugin <= 4.6.1 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log allows Stored XSS.This issue affects WP Activity Log: from n/a through 4.6.1.

Action-Not Available
Vendor-melapressMelapressmelapress
Product-wp_activity_logWP Activity Logwp_activity_log
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-67978
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.93%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:46
Updated-28 Apr, 2026 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Educare plugin <= 1.6.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FixBD Educare educare allows Reflected XSS.This issue affects Educare: from n/a through <= 1.6.1.

Action-Not Available
Vendor-FixBD
Product-Educare
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-67952
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 13.93%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:51
Updated-28 Apr, 2026 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Grand Tour theme < 5.6.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Tour grandtour allows Reflected XSS.This issue affects Grand Tour: from n/a through < 5.6.2.

Action-Not Available
Vendor-ThemeGoods
Product-Grand Tour
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-67932
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 19.90%
||
7 Day CHG+0.02%
Published-08 Jan, 2026 | 09:17
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Listeo Core plugin < 2.0.19 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes Listeo Core listeo-core allows Reflected XSS.This issue affects Listeo Core: from n/a through < 2.0.19.

Action-Not Available
Vendor-purethemes
Product-Listeo Core
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-66119
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 19.90%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 07:22
Updated-28 Apr, 2026 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hostel plugin <= 1.1.5.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Hostel hostel allows Reflected XSS.This issue affects Hostel: from n/a through <= 1.1.5.9.

Action-Not Available
Vendor-Bob
Product-Hostel
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-66102
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 19.90%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 07:22
Updated-28 Apr, 2026 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FV Antispam plugin <= 2.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FolioVision FV Antispam fv-antispam allows Reflected XSS.This issue affects FV Antispam: from n/a through <= 2.7.

Action-Not Available
Vendor-FolioVision
Product-FV Antispam
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-30808
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.67% / 71.43%
||
7 Day CHG+0.48%
Published-01 Apr, 2025 | 05:31
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress About Author plugin <= 1.6.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Weblizar - WordPress Themes & Plugin About Author about-author allows Reflected XSS.This issue affects About Author: from n/a through <= 1.6.2.

Action-Not Available
Vendor-Weblizar - WordPress Themes & Plugin
Product-About Author
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 48
  • 49
  • Next
Details not found