Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-57342

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-02 Jul, 2026 | 11:15
Updated At-02 Jul, 2026 | 14:56
Rejected At-
Credits

WordPress ShortPixel Adaptive Images plugin <= 3.11.3 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting (XSS) in ShortPixel Adaptive Images <= 3.11.3 versions.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:02 Jul, 2026 | 11:15
Updated At:02 Jul, 2026 | 14:56
Rejected At:
â–¼CVE Numbering Authority (CNA)
WordPress ShortPixel Adaptive Images plugin <= 3.11.3 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting (XSS) in ShortPixel Adaptive Images <= 3.11.3 versions.

Affected Products
Vendor
ShortPixel
Product
ShortPixel Adaptive Images
Default Status
unaffected
Versions
Affected
  • From n/a through 3.11.3 (custom)
    • -> unaffectedfrom3.11.4
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-592CAPEC-592 Stored XSS
CAPEC ID: CAPEC-592
Description: CAPEC-592 Stored XSS
Solutions

Update the WordPress ShortPixel Adaptive Images Plugin to the latest available version (at least 3.11.4).

Configurations

Workarounds

Exploits

Credits

finder
dodoh4t | Patchstack Bug Bounty Program
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/shortpixel-adaptive-images/vulnerability/wordpress-shortpixel-adaptive-images-plugin-3-11-3-cross-site-scripting-xss-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/plugin/shortpixel-adaptive-images/vulnerability/wordpress-shortpixel-adaptive-images-plugin-3-11-3-cross-site-scripting-xss-vulnerability?_s_id=cve
Resource:
vdb-entry
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:02 Jul, 2026 | 12:17
Updated At:02 Jul, 2026 | 15:17

Subscriber Cross Site Scripting (XSS) in ShortPixel Adaptive Images <= 3.11.3 versions.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
N/A
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-79Secondaryaudit@patchstack.com
CWE ID: CWE-79
Type: Secondary
Source: audit@patchstack.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/plugin/shortpixel-adaptive-images/vulnerability/wordpress-shortpixel-adaptive-images-plugin-3-11-3-cross-site-scripting-xss-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/wordpress/plugin/shortpixel-adaptive-images/vulnerability/wordpress-shortpixel-adaptive-images-plugin-3-11-3-cross-site-scripting-xss-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2685Records found

CVE-2025-39575
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 16.64%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:44
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPCasa plugin <= 1.3.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPSight WPCasa wpcasa allows Stored XSS.This issue affects WPCasa: from n/a through <= 1.3.2.

Action-Not Available
Vendor-WPSight
Product-WPCasa
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-45435
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 9.64%
||
7 Day CHG~0.00%
Published-25 May, 2026 | 22:28
Updated-26 May, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Activity Log plugin <= 5.6.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log allows DOM-Based XSS. This issue affects WP Activity Log: from n/a through 5.6.3.

Action-Not Available
Vendor-Melapress
Product-WP Activity Log
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-39540
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 20.05%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:45
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Flipclock plugin <= 1.9.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rhys Wynne WP Flipclock wp-flipclock allows DOM-Based XSS.This issue affects WP Flipclock: from n/a through <= 1.9.1.

Action-Not Available
Vendor-Rhys Wynne
Product-WP Flipclock
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-39572
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 23.09%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:44
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Checkout for PayPal plugin <= 1.0.38 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Checkout for PayPal checkout-for-paypal allows Stored XSS.This issue affects Checkout for PayPal: from n/a through <= 1.0.38.

Action-Not Available
Vendor-Noor Alam
Product-Checkout for PayPal
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-39573
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 16.64%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:44
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Posts Carousel plugin <= 1.3.10 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Stored XSS.This issue affects WP Posts Carousel: from n/a through <= 1.3.10.

Action-Not Available
Vendor-teastudio.pl
Product-WP Posts Carousel
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-39369
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 7.11%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 16:35
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Posts for Page plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sihibbs Posts for Page posts-for-page allows DOM-Based XSS.This issue affects Posts for Page: from n/a through <= 2.1.

Action-Not Available
Vendor-sihibbs
Product-Posts for Page
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-39578
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 16.64%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:44
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Responsive Blocks plugin <= 2.0.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Stored XSS.This issue affects Responsive Blocks: from n/a through <= 2.0.2.

Action-Not Available
Vendor-CyberChimps Inc.
Product-Responsive Blocks
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-59549
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 8.86%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 18:26
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GetResponse Forms Plugin <= 2.6.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps GetResponse Forms getresponse allows Stored XSS.This issue affects GetResponse Forms: from n/a through <= 2.6.0.

Action-Not Available
Vendor-fatcatapps
Product-GetResponse Forms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-57629
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 5.63%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 14:53
Updated-29 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress StatCounter plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting (XSS) in StatCounter <= 2.1.1 versions.

Action-Not Available
Vendor-StatCounter
Product-StatCounter
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-24627
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 25.32%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:24
Updated-12 May, 2026 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Blur Text Plugin <= 1.0.0 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Linnea Huxford Blur Text blur-text allows Stored XSS.This issue affects Blur Text: from n/a through <= 1.0.0.

Action-Not Available
Vendor-Linnea Huxford
Product-Blur Text
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-57651
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 3.00%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 14:53
Updated-26 Jun, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ghost Kit plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions.

Action-Not Available
Vendor-nK
Product-Ghost Kit
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-57431
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 5.63%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 14:53
Updated-29 Jun, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Featured Image plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability

Author Cross Site Scripting (XSS) in Featured Image <= 2.1 versions.

Action-Not Available
Vendor-Mervin Praison
Product-Featured Image
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-57638
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 5.63%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 14:53
Updated-26 Jun, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Fluent Booking plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 versions.

Action-Not Available
Vendor-WPManageNinja LLC
Product-Fluent Booking
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-57617
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 5.63%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 14:53
Updated-26 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SeedProd Pro plugin < 6.19.5 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting (XSS) in SeedProd Pro < 6.19.5 versions.

Action-Not Available
Vendor-SeedProd LLC.
Product-SeedProd Pro
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32690
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 16.26%
||
7 Day CHG+0.02%
Published-09 Apr, 2025 | 16:09
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PowerPress Podcasting plugin <= 11.12.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blubrry PowerPress Podcasting powerpress allows DOM-Based XSS.This issue affects PowerPress Podcasting: from n/a through <= 11.12.5.

Action-Not Available
Vendor-blubrry
Product-PowerPress Podcasting
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32211
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 8.87%
||
7 Day CHG+0.02%
Published-08 Apr, 2025 | 16:59
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Broadstreet plugin <= 1.52.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Broadstreet Broadstreet Ads broadstreet allows Stored XSS.This issue affects Broadstreet Ads: from n/a through <= 1.52.1.

Action-Not Available
Vendor-Broadstreet
Product-Broadstreet Ads
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32176
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 26.12%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gallery Blocks with Lightbox plugin <= 3.2.5 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Stored XSS.This issue affects SimpLy Gallery: from n/a through <= 3.2.5.

Action-Not Available
Vendor-GalleryCreator
Product-SimpLy Gallery
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32175
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 26.11%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress VK Filter Search plugin <= 2.20.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vektor,Inc. VK Filter Search vk-filter-search allows Stored XSS.This issue affects VK Filter Search: from n/a through <= 2.20.2.

Action-Not Available
Vendor-Vektor,Inc.
Product-VK Filter Search
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32169
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 26.12%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Showeblogin Social plugin <= 7.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Suresh Prasad Showeblogin Social showeblogin-facebook-page-like-box allows DOM-Based XSS.This issue affects Showeblogin Social: from n/a through <= 7.0.

Action-Not Available
Vendor-Suresh Prasad
Product-Showeblogin Social
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32162
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 26.40%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Chamber Dashboard Business Directory plugin <= 3.3.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Morgan Kay Chamber Dashboard Business Directory allows DOM-Based XSS. This issue affects Chamber Dashboard Business Directory: from n/a through 3.3.11.

Action-Not Available
Vendor-Morgan Kay
Product-Chamber Dashboard Business Directory
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32183
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 26.12%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Video Playlist For YouTube plugin <= 6.7.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Galaxy Weblinks Video Playlist For YouTube video-playlist-for-youtube allows Stored XSS.This issue affects Video Playlist For YouTube: from n/a through <= 6.7.1.

Action-Not Available
Vendor-Galaxy Weblinks
Product-Video Playlist For YouTube
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32166
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 26.11%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Emma for WordPress plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in John Housholder Emma for WordPress emma-emarketing-plugin allows Stored XSS.This issue affects Emma for WordPress: from n/a through <= 1.3.3.

Action-Not Available
Vendor-John Housholder
Product-Emma for WordPress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32193
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 26.12%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple WP Events plugin <= 1.8.17 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMinds Simple WP Events simple-wp-events allows Stored XSS.This issue affects Simple WP Events: from n/a through <= 1.8.17.

Action-Not Available
Vendor-WPMinds
Product-Simple WP Events
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32181
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 26.11%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Search, Filters & Merchandising for WooCommerce plugin <= 3.0.58 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fast Simon Search, Filters & Merchandising for WooCommerce instantsearch-for-woocommerce allows Stored XSS.This issue affects Search, Filters & Merchandising for WooCommerce: from n/a through <= 3.0.58.

Action-Not Available
Vendor-Fast Simon
Product-Search, Filters & Merchandising for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32190
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 26.11%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Musician's Pack For Elementor plugin <= 1.8.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smartwpress Musician's Pack For Elementor music-pack-for-elementor allows DOM-Based XSS.This issue affects Musician's Pack For Elementor: from n/a through <= 1.8.7.

Action-Not Available
Vendor-smartwpress
Product-Musician's Pack For Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32199
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 14.32%
||
7 Day CHG+0.02%
Published-10 Apr, 2025 | 08:09
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Form Builder by vcita plugin <= 4.10.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyale-vc Contact Form Builder by vcita contact-form-with-a-meeting-scheduler-by-vcita allows DOM-Based XSS.This issue affects Contact Form Builder by vcita: from n/a through <= 4.10.2.

Action-Not Available
Vendor-eyale-vc
Product-Contact Form Builder by vcita
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32184
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 26.11%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ultimate Store Kit Elementor Addons plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Stored XSS.This issue affects Ultimate Store Kit Elementor Addons: from n/a through <= 2.5.0.

Action-Not Available
Vendor-BdThemes
Product-Ultimate Store Kit Elementor Addons
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32195
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 26.11%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ecwid Shopping Cart plugin <= 7.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Stored XSS.This issue affects Ecwid Shopping Cart: from n/a through <= 7.0.

Action-Not Available
Vendor-Ecwid by Lightspeed Ecommerce Shopping Cart
Product-Ecwid Shopping Cart
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32188
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 26.12%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Woo Labels plugin <= 2.15 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ILLID Advanced Woo Labels advanced-woo-labels allows Stored XSS.This issue affects Advanced Woo Labels: from n/a through <= 2.15.

Action-Not Available
Vendor-ILLID
Product-Advanced Woo Labels
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32180
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 11.86%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Carousel For WooCommerce – WoorouSell plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojofywp Product Carousel For WooCommerce – WoorouSell woorousell allows Stored XSS.This issue affects Product Carousel For WooCommerce – WoorouSell: from n/a through <= 1.1.0.

Action-Not Available
Vendor-mojofywp
Product-Product Carousel For WooCommerce – WoorouSell
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32186
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 26.11%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Turbo Addons for Elementor plugin <= 1.7.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Turbo Addons Turbo Addons Elementor turbo-addons-elementor allows DOM-Based XSS.This issue affects Turbo Addons Elementor: from n/a through <= 1.7.7.

Action-Not Available
Vendor-Turbo Addons
Product-Turbo Addons Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32182
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 26.12%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Spider Elements – Addons for Elementor plugin <= 1.6.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spider Themes Spider Elements spider-elements allows Stored XSS.This issue affects Spider Elements: from n/a through <= 1.6.5.

Action-Not Available
Vendor-Spider Themes
Product-Spider Elements
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32173
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 26.11%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress B Blocks plugin <= 2.0.0 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Blocks b-blocks allows Stored XSS.This issue affects B Blocks: from n/a through <= 2.0.0.

Action-Not Available
Vendor-bPlugins
Product-B Blocks
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32920
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 12.22%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 16:05
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TI WooCommerce Wishlist plugin <= 2.10.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Stored XSS.This issue affects TI WooCommerce Wishlist: from n/a through <= 2.10.0.

Action-Not Available
Vendor-templateinvaders
Product-TI WooCommerce Wishlist
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32170
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 26.12%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Motors plugin <= 1.4.71 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stylemix Motors motors-car-dealership-classified-listings allows Stored XSS.This issue affects Motors: from n/a through <= 1.4.71.

Action-Not Available
Vendor-Stylemix
Product-Motors
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32171
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 26.11%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Table Block by Tableberg plugin <= 0.6.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imtiaz Rayhan Table Block by Tableberg tableberg allows Stored XSS.This issue affects Table Block by Tableberg: from n/a through <= 0.6.10.

Action-Not Available
Vendor-Imtiaz Rayhan
Product-Table Block by Tableberg
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32189
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 26.11%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-12 May, 2026 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BWD Elementor Addons plugin <= 4.4.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Best WP Developer BWD Elementor Addons bwd-elementor-addons allows DOM-Based XSS.This issue affects BWD Elementor Addons: from n/a through <= 4.4.2.

Action-Not Available
Vendor-Best WP Developer
Product-BWD Elementor Addons
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32187
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 26.12%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-12 May, 2026 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Administrator Z plugin <= 2026.03.02 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Quý Lê 91 Administrator Z administrator-z allows DOM-Based XSS.This issue affects Administrator Z: from n/a through <= 2026.03.02.

Action-Not Available
Vendor-Quý Lê 91
Product-Administrator Z
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32683
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 16.25%
||
7 Day CHG+0.02%
Published-09 Apr, 2025 | 16:09
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MapSVG Lite plugin <= 8.6.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows DOM-Based XSS.This issue affects MapSVG: from n/a through <= 8.6.6.

Action-Not Available
Vendor-RomanCode
Product-MapSVG
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32194
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 26.11%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LA-Studio Element Kit for Elementor plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Stored XSS.This issue affects LA-Studio Element Kit for Elementor: from n/a through <= 1.5.1.

Action-Not Available
Vendor-LA-Studio
Product-LA-Studio Element Kit for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32191
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 26.11%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-12 May, 2026 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress News Element Elementor Blog Magazine plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webangon News Element Elementor Blog Magazine news-element allows DOM-Based XSS.This issue affects News Element Elementor Blog Magazine: from n/a through <= 1.0.9.

Action-Not Available
Vendor-webangon
Product-News Element Elementor Blog Magazine
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32197
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 26.11%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Piotnet Addons For Elementor plugin <= 2.4.36 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in piotnetdotcom Piotnet Addons For Elementor piotnet-addons-for-elementor allows Stored XSS.This issue affects Piotnet Addons For Elementor: from n/a through <= 2.4.36.

Action-Not Available
Vendor-piotnetdotcom
Product-Piotnet Addons For Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32198
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 14.55%
||
7 Day CHG+0.02%
Published-10 Apr, 2025 | 08:09
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Brizy plugin <= 2.7.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefusecom Brizy brizy.This issue affects Brizy: from n/a through <= 2.7.7.

Action-Not Available
Vendor-brizythemefusecom
Product-brizyBrizy
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32172
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 22.60%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress YaMaps for WordPress plugin <= 0.6.40 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yuri Baranov YaMaps for WordPress yamaps allows Stored XSS.This issue affects YaMaps for WordPress: from n/a through <= 0.6.40.

Action-Not Available
Vendor-Yuri Baranov
Product-YaMaps for WordPress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32167
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 26.11%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SurveyJS plugin <= 1.12.20 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devsoftbaltic SurveyJS surveyjs allows Stored XSS.This issue affects SurveyJS: from n/a through <= 1.12.20.

Action-Not Available
Vendor-devsoftbaltic
Product-SurveyJS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32207
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 26.12%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-12 May, 2026 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ni WooCommerce Cost Of Goods plugin <= 3.2.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anzar Ahmed Ni WooCommerce Cost Of Goods ni-woocommerce-cost-of-goods allows Stored XSS.This issue affects Ni WooCommerce Cost Of Goods: from n/a through <= 3.2.8.

Action-Not Available
Vendor-Anzar Ahmed
Product-Ni WooCommerce Cost Of Goods
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32214
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 8.90%
||
7 Day CHG+0.02%
Published-10 Apr, 2025 | 08:09
Updated-12 May, 2026 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hive Support plugin <= 1.2.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hive Support Hive Support hive-support allows Stored XSS.This issue affects Hive Support: from n/a through <= 1.2.11.

Action-Not Available
Vendor-Hive Support
Product-Hive Support
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32495
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 22.59%
||
7 Day CHG+0.02%
Published-09 Apr, 2025 | 16:09
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Waymark plugin <= 1.5.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Waymark waymark allows Stored XSS.This issue affects Waymark: from n/a through <= 1.5.3.

Action-Not Available
Vendor-Joe
Product-Waymark
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32165
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 26.12%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Doppler Forms plugin <= 2.5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fromdoppler Doppler Forms doppler-form allows Stored XSS.This issue affects Doppler Forms: from n/a through <= 2.5.1.

Action-Not Available
Vendor-fromdoppler
Product-Doppler Forms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32163
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 26.12%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Xpro Elementor Addons plugin <= 1.4.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Stored XSS.This issue affects Xpro Elementor Addons: from n/a through <= 1.4.10.

Action-Not Available
Vendor-Xpro
Product-Xpro Elementor Addons
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 53
  • 54
  • Next
Details not found