Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-42688

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-15 Jun, 2026 | 20:18
Updated At-16 Jun, 2026 | 01:23
Rejected At-
Credits

WordPress Modula Image Gallery plugin <= 2.14.23 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:15 Jun, 2026 | 20:18
Updated At:16 Jun, 2026 | 01:23
Rejected At:
â–¼CVE Numbering Authority (CNA)
WordPress Modula Image Gallery plugin <= 2.14.23 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions.

Affected Products
Vendor
WP Chill
Product
Modula Image Gallery
Collection URL
https://wordpress.org/plugins
Package Name
modula-best-grid-gallery
Default Status
unaffected
Versions
Affected
  • From n/a through 2.14.23 (custom)
    • -> unaffectedfrom2.14.24
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-588CAPEC-588 DOM-Based XSS
CAPEC ID: CAPEC-588
Description: CAPEC-588 DOM-Based XSS
Solutions

Update the WordPress Modula Image Gallery Plugin to the latest available version (at least 2.14.24).

Configurations

Workarounds

Exploits

Credits

finder
Nguyen Ba Khanh | Patchstack Bug Bounty Program
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/modula-best-grid-gallery/vulnerability/wordpress-modula-image-gallery-plugin-2-14-23-cross-site-scripting-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/plugin/modula-best-grid-gallery/vulnerability/wordpress-modula-image-gallery-plugin-2-14-23-cross-site-scripting-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:15 Jun, 2026 | 21:16
Updated At:15 Jun, 2026 | 21:24

Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-79Primaryaudit@patchstack.com
CWE ID: CWE-79
Type: Primary
Source: audit@patchstack.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/plugin/modula-best-grid-gallery/vulnerability/wordpress-modula-image-gallery-plugin-2-14-23-cross-site-scripting-xss-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/wordpress/plugin/modula-best-grid-gallery/vulnerability/wordpress-modula-image-gallery-plugin-2-14-23-cross-site-scripting-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2685Records found

CVE-2026-24389
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 2.92%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gallery PhotoBlocks plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Gallery PhotoBlocks photoblocks-grid-gallery allows DOM-Based XSS.This issue affects Gallery PhotoBlocks: from n/a through <= 1.3.2.

Action-Not Available
Vendor-WP Chill
Product-Gallery PhotoBlocks
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-43216
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 15.54%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 21:38
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Filr plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Filr filr-protection.This issue affects Filr: from n/a through <= 1.2.4.

Action-Not Available
Vendor-WP Chill
Product-Filr
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-43329
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 15.74%
||
7 Day CHG~0.00%
Published-18 Aug, 2024 | 13:42
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Allegiant theme <= 1.2.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Chill Allegiant allegiant allows Stored XSS.This issue affects Allegiant: from n/a through 1.2.7.

Action-Not Available
Vendor-cpothemesWP Chill
Product-allegiantAllegiant
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-58610
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 8.85%
||
7 Day CHG~0.00%
Published-03 Sep, 2025 | 14:36
Updated-13 May, 2026 | 00:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gallery PhotoBlocks Plugin <= 1.3.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Gallery PhotoBlocks photoblocks-grid-gallery allows Stored XSS.This issue affects Gallery PhotoBlocks: from n/a through <= 1.3.1.

Action-Not Available
Vendor-WP Chill
Product-Gallery PhotoBlocks
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-57926
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 11.10%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 18:25
Updated-12 May, 2026 | 00:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Passster Plugin <= 4.2.18 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Passster content-protector allows Stored XSS.This issue affects Passster: from n/a through <= 4.2.18.

Action-Not Available
Vendor-WP Chill
Product-Passster
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-23976
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.17% / 6.33%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Modula Image Gallery plugin <= 2.13.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Stored XSS.This issue affects Modula Image Gallery: from n/a through <= 2.13.4.

Action-Not Available
Vendor-WP Chill
Product-Modula Image Gallery
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-28171
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.38% / 29.71%
||
7 Day CHG~0.00%
Published-22 Jun, 2023 | 08:01
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Brilliance Theme <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Chill Brilliance theme <= 1.3.1 versions.

Action-Not Available
Vendor-wpchillWP Chill
Product-brillianceBrilliance
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-44477
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 24.75%
||
7 Day CHG~0.00%
Published-02 Oct, 2023 | 08:55
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cooked Plugin <= 1.7.13 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Boxy Studio Cooked plugin <= 1.7.13 versions.

Action-Not Available
Vendor-boxystudioBoxy Studio
Product-cookedCooked
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-45059
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 22.73%
||
7 Day CHG~0.00%
Published-18 Oct, 2023 | 08:23
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gumroad Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gumroad plugin <= 3.1.0 versions.

Action-Not Available
Vendor-gumroadGumroad
Product-gumroadGumroad
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-26539
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 12.00%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 13:53
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Embed Google Map plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in petkivim Embed Google Map embed-google-map allows Stored XSS.This issue affects Embed Google Map: from n/a through <= 3.2.

Action-Not Available
Vendor-petkivim
Product-Embed Google Map
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-57684
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-Not Assigned
Published-02 Jul, 2026 | 11:15
Updated-02 Jul, 2026 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TheFox theme <= 3.9.70 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting (XSS) in TheFox <= 3.9.70 versions.

Action-Not Available
Vendor-tranmautritam
Product-TheFox
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-57755
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-Not Assigned
Published-02 Jul, 2026 | 11:15
Updated-02 Jul, 2026 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mosaic Gallery &#8211; Advanced Gallery plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting (XSS) in Mosaic Gallery &#8211; Advanced Gallery <= 1.2.0 versions.

Action-Not Available
Vendor-Misbah WP
Product-Mosaic Gallery &#8211; Advanced Gallery
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-57763
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-Not Assigned
Published-02 Jul, 2026 | 11:16
Updated-02 Jul, 2026 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Structured Content plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting (XSS) in Structured Content <= 1.7.0 versions.

Action-Not Available
Vendor-Gordon Böhme
Product-Structured Content
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-57764
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-Not Assigned
Published-02 Jul, 2026 | 11:16
Updated-02 Jul, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Surbma | Yoast SEO Breadcrumb Shortcode plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting (XSS) in Surbma | Yoast SEO Breadcrumb Shortcode <= 1.2 versions.

Action-Not Available
Vendor-Surbma
Product-Surbma | Yoast SEO Breadcrumb Shortcode
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-57342
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-Not Assigned
Published-02 Jul, 2026 | 11:15
Updated-02 Jul, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ShortPixel Adaptive Images plugin <= 3.11.3 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting (XSS) in ShortPixel Adaptive Images <= 3.11.3 versions.

Action-Not Available
Vendor-ShortPixel
Product-ShortPixel Adaptive Images
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-57354
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-Not Assigned
Published-02 Jul, 2026 | 11:15
Updated-02 Jul, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JetReviews plugin <= 3.0.0.1 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting (XSS) in JetReviews <= 3.0.0.1 versions.

Action-Not Available
Vendor-Crocoblock. Jetimpex Inc.
Product-JetReviews
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-44145
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 24.75%
||
7 Day CHG~0.00%
Published-02 Oct, 2023 | 09:49
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Anchor Episodes Index (Spotify for Podcasters) Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in jesweb.Dev Anchor Episodes Index (Spotify for Podcasters) plugin <= 2.1.7 versions.

Action-Not Available
Vendor-jeswebjesweb.dev
Product-anchor_episodes_index_\(spotify_for_podcasters\)Anchor Episodes Index (Spotify for Podcasters)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-44984
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 24.70%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 10:41
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress bbp style pack Plugin <= 5.6.7 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Robin Wilson bbp style pack plugin <= 5.6.7 versions.

Action-Not Available
Vendor-rewwebRobin Wilson
Product-bbp_style_packbbp style pack
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-44242
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 24.75%
||
7 Day CHG~0.00%
Published-02 Oct, 2023 | 10:02
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Images Slideshow by 2J Plugin <= 1.3.54 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in 2J Slideshow Team Slideshow, Image Slider by 2J plugin <= 1.3.54 versions.

Action-Not Available
Vendor-2joomla2J Slideshow Team
Product-2j_slideshowSlideshow, Image Slider by 2J
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-44264
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 24.75%
||
7 Day CHG~0.00%
Published-02 Oct, 2023 | 10:06
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress The Awesome Feed – Custom Feed Plugin <= 2.2.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed – Custom Feed plugin <= 2.2.5 versions.

Action-Not Available
Vendor-arrowpluginsArrow Plugins
Product-the_awesome_feedThe Awesome Feed – Custom Feed
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-45067
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 22.74%
||
7 Day CHG~0.00%
Published-18 Oct, 2023 | 12:30
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Simple HTML Sitemap Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ashish Ajani WordPress Simple HTML Sitemap plugin <= 2.1 versions.

Action-Not Available
Vendor-freelancer-coderAshish Ajani
Product-wordpress_simple_html_sitemapWordPress Simple HTML Sitemap
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-57620
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 3.00%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 11:41
Updated-26 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Exclusive Addons Elementor plugin <= 2.7.9.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim Strifler Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9.8.

Action-Not Available
Vendor-Tim Strifler
Product-Exclusive Addons Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-57737
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 3.62%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 17:42
Updated-02 Jul, 2026 | 12:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.16 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta LTD Shortcodes and extra features for Phlox theme allows DOM-Based XSS. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17.16.

Action-Not Available
Vendor-Averta LTD
Product-Shortcodes and extra features for Phlox theme
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-57650
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 3.00%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 14:53
Updated-26 Jun, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Magazine Blocks plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting (XSS) in Magazine Blocks <= 1.8.3 versions.

Action-Not Available
Vendor-BlockArt
Product-Magazine Blocks
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-57754
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-Not Assigned
Published-02 Jul, 2026 | 11:15
Updated-02 Jul, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Livemesh Addons for WPBakery Page Builder plugin <= 3.9.4 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting (XSS) in Livemesh Addons for WPBakery Page Builder <= 3.9.4 versions.

Action-Not Available
Vendor-Livemesh
Product-Livemesh Addons for WPBakery Page Builder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-57330
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 6.79%
||
7 Day CHG~0.00%
Published-29 Jun, 2026 | 13:36
Updated-29 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MasterStudy LMS plugin <= 3.7.27 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting (XSS) in MasterStudy LMS <= 3.7.27 versions.

Action-Not Available
Vendor-Stylemix
Product-MasterStudy LMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-56046
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 11.42%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 14:52
Updated-26 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ListingPro theme <= 2.9.11 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting (XSS) in ListingPro <= 2.9.11 versions.

Action-Not Available
Vendor-CridioStudio
Product-ListingPro
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-57329
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 11.43%
||
7 Day CHG~0.00%
Published-29 Jun, 2026 | 13:36
Updated-01 Jul, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Designer Pro plugin <= 1.9.34 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting (XSS) in WooCommerce Designer Pro <= 1.9.34 versions.

Action-Not Available
Vendor-WOOCOMMERCE DESIGNER PRO
Product-WooCommerce Designer Pro
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-57328
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 11.42%
||
7 Day CHG~0.00%
Published-29 Jun, 2026 | 13:36
Updated-29 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.

Action-Not Available
Vendor-Strategy11 Team
Product-Business Directory
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-44855
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.51% / 39.61%
||
7 Day CHG~0.00%
Published-12 Apr, 2024 | 00:00
Updated-28 May, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the rdiag, sender, and recipients parameters of the sub_219C4 function in the acu_web file.

Action-Not Available
Vendor-cobhamn/acobham
Product-sailor_600_vsat_ku_firmwaresailor_600_vsat_kun/asailor_900_vsatsailor_600_vsat_kusailor_800_vsat
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-49773
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 6.24%
||
7 Day CHG~0.00%
Published-15 Jun, 2026 | 20:19
Updated-15 Jun, 2026 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FV Flowplayer Video Player plugin < 7.5.51.7212 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.

Action-Not Available
Vendor-FolioVision
Product-FV Flowplayer Video Player
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-48968
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 7.95%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 08:48
Updated-27 May, 2026 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Master Slider plugin <= 3.10.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Master Slider allows DOM-Based XSS. This issue affects Master Slider: from n/a through 3.10.8.

Action-Not Available
Vendor-Depicter (Averta)
Product-Master Slider
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-48870
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 10.63%
||
7 Day CHG~0.00%
Published-15 Jun, 2026 | 20:18
Updated-16 Jun, 2026 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress King Addons for Elementor plugin <= 51.1.62 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting (XSS) in King Addons for Elementor <= 51.1.62 versions.

Action-Not Available
Vendor-King Addons
Product-King Addons for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-49044
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 7.95%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 14:46
Updated-27 May, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Custom Fields: Font Awesome Field plugin <= 5.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Kruit Advanced Custom Fields: Font Awesome Field allows Stored XSS. This issue affects Advanced Custom Fields: Font Awesome Field: from n/a through 5.0.2.

Action-Not Available
Vendor-Justin Kruit
Product-Advanced Custom Fields: Font Awesome Field
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-40904
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.19% / 8.36%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 13:23
Updated-09 Jun, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTML injection in Smart Polling in Guardian/CMC before 26.1.0

A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remote strategy in the Smart Polling functionality, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.

Action-Not Available
Vendor-nozominetworksNozomi NetworksSiemens AG
Product-guardiancmcGuardianCMCRUGGEDCOM APE1808
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-39516
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 20.05%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:45
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Author WIP Progress Bar plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alan Petersen Author WIP Progress Bar author-work-in-progress-bar allows DOM-Based XSS.This issue affects Author WIP Progress Bar: from n/a through <= 1.0.

Action-Not Available
Vendor-Alan Petersen
Product-Author WIP Progress Bar
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-39528
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 20.53%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:45
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rescue Shortcodes plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rescue Themes Rescue Shortcodes rescue-shortcodes allows Stored XSS.This issue affects Rescue Shortcodes: from n/a through <= 3.1.

Action-Not Available
Vendor-rescuethemesRescue Themes
Product-rescue_shortcodesRescue Shortcodes
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-39574
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 16.64%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:44
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Uix Shortcodes plugin <= 2.0.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UIUX Lab Uix Shortcodes uix-shortcodes allows Stored XSS.This issue affects Uix Shortcodes: from n/a through <= 2.0.4.

Action-Not Available
Vendor-UIUX Lab
Product-Uix Shortcodes
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-39525
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 20.05%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:45
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Logo Carousel Slider plugin <= 2.1.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Logo Carousel Slider logo-carousel-slider allows Stored XSS.This issue affects Logo Carousel Slider: from n/a through <= 2.1.3.

Action-Not Available
Vendor-wpWax
Product-Logo Carousel Slider
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-39543
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 20.05%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:44
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Royal Elementor Addons plugin <= 1.3.977 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through <= 1.3.977.

Action-Not Available
Vendor-Royal Elementor Addons
Product-Royal Elementor Addons
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-39520
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 20.05%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:45
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Checkout Files Upload for WooCommerce plugin <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Wham Checkout Files Upload for WooCommerce checkout-files-upload-woocommerce allows Stored XSS.This issue affects Checkout Files Upload for WooCommerce: from n/a through <= 2.2.0.

Action-Not Available
Vendor-WP Wham
Product-Checkout Files Upload for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-39361
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 12.74%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 09:03
Updated-12 May, 2026 | 00:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Royal Elementor Addons plugin <= 1.7.1017 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through <= 1.7.1017.

Action-Not Available
Vendor-Royal Elementor Addons
Product-royal_elementor_addonsRoyal Elementor Addons
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-39577
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 16.64%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:44
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PropertyHive plugin <= 2.1.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive propertyhive allows Stored XSS.This issue affects PropertyHive: from n/a through <= 2.1.2.

Action-Not Available
Vendor-Property Hive
Product-PropertyHive
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-39579
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 16.64%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:44
Updated-12 May, 2026 | 00:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Membership For WooCommerce plugin <= 2.8.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows DOM-Based XSS.This issue affects Membership For WooCommerce: from n/a through <= 2.8.0.

Action-Not Available
Vendor-WP Swings
Product-Membership For WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-39555
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 20.05%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:44
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Church Admin plugin <= 5.0.23 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andy_moyle Church Admin church-admin allows Stored XSS.This issue affects Church Admin: from n/a through <= 5.0.23.

Action-Not Available
Vendor-andy_moyle
Product-Church Admin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-39581
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 16.64%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:44
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Themify Shortcodes plugin <= 2.1.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Shortcodes themify-shortcodes allows Stored XSS.This issue affects Themify Shortcodes: from n/a through <= 2.1.3.

Action-Not Available
Vendor-themifyme
Product-Themify Shortcodes
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-39590
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 16.97%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:44
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Essential Addons for Elementor plugin <= 6.1.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through <= 6.1.9.

Action-Not Available
Vendor-WPDeveloper
Product-essential_addons_for_elementorEssential Addons for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-39448
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 7.11%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 17:33
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JetElements For Elementor plugin <= 2.7.4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.4.1.

Action-Not Available
Vendor-Crocoblock
Product-JetElements For Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-39509
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 11.24%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TNC FlipBook plugin <= 12.1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode TNC FlipBook pdf-viewer-for-wordpress allows Stored XSS.This issue affects TNC FlipBook: from n/a through <= 12.1.0.

Action-Not Available
Vendor-themencodeThemeNcode
Product-tnc_flipbookTNC FlipBook
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-39585
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 16.64%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:44
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Travelfic Toolkit plugin <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Travelfic Toolkit travelfic-toolkit allows Stored XSS.This issue affects Travelfic Toolkit: from n/a through <= 1.2.1.

Action-Not Available
Vendor-Themefic
Product-Travelfic Toolkit
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 53
  • 54
  • Next
Details not found