Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

CRUDLab

Source -

CNA

BOS Name -

N/A

CNA CVEs -

8

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
8Vulnerabilities found
CVE-2025-22774
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.24% / 14.48%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:17
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CRUDLab Scroll to Top Plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRUDLab CRUDLab Scroll to Top crudlab-scroll-to-top allows Reflected XSS.This issue affects CRUDLab Scroll to Top: from n/a through <= 1.0.1.

Action-Not Available
Vendor-CRUDLab
Product-CRUDLab Scroll to Top
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23814
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.36% / 28.01%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CRUDLab Like Box Plugin <= 2.0.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRUDLab CRUDLab Like Box crudlab-facebook-like-box allows Reflected XSS.This issue affects CRUDLab Like Box: from n/a through <= 2.0.9.

Action-Not Available
Vendor-CRUDLab
Product-CRUDLab Like Box
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23938
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.80% / 51.75%
||
7 Day CHG+0.03%
Published-22 Jan, 2025 | 14:29
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Image Gallery Box by CRUDLab Plugin <= 1.0.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CRUDLab Image Gallery Box by CRUDLab image-gallery-box-by-crudlab allows PHP Local File Inclusion.This issue affects Image Gallery Box by CRUDLab: from n/a through <= 1.0.3.

Action-Not Available
Vendor-CRUDLab
Product-Image Gallery Box by CRUDLab
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2024-54399
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 8.73%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:14
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CRUDLab Google Plus Button plugin <= 1.0.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab CRUDLab Google Plus Button crudlab-google-plus allows Stored XSS.This issue affects CRUDLab Google Plus Button: from n/a through <= 1.0.2.

Action-Not Available
Vendor-CRUDLab
Product-CRUDLab Google Plus Button
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47820
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 23.77%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:30
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Like Button plugin <= 1.7.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in CRUDLab WP Like Button allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Like Button: from n/a through 1.7.0.

Action-Not Available
Vendor-CRUDLab
Product-WP Like Button
CWE ID-CWE-862
Missing Authorization
CVE-2023-32966
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.23% / 13.73%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 17:29
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Jazz Popups Plugin <= 1.8.7 is vulnerable to Cross Site Request Forgery (CSRF) leading to Stored XSS

Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab Jazz Popups leads to Stored XSS.This issue affects Jazz Popups: from n/a through 1.8.7.

Action-Not Available
Vendor-crudlabCRUDLab
Product-jazz_popupsJazz Popups
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-40199
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 10.82%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 12:33
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Like Button Plugin <= 1.7.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like Button plugin <= 1.7.0 versions.

Action-Not Available
Vendor-crudlabCRUDLab
Product-wp_like_buttonWP Like Button
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32965
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.38% / 29.62%
||
7 Day CHG~0.00%
Published-18 Jul, 2023 | 13:24
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Jazz Popups Plugin <= 1.8.7 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CRUDLab Jazz Popups plugin <= 1.8.7 versions.

Action-Not Available
Vendor-crudlabCRUDLab
Product-jazz_popupsJazz Popups
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')