Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Jeff Starr

Source -

CNA

BOS Name -

N/A

CNA CVEs -

14

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
14Vulnerabilities found
CVE-2025-57892
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 2.20%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 11:59
Updated-22 Aug, 2025 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Statistics for Feeds Plugin <= 20250322 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Jeff Starr Simple Statistics for Feeds allows Cross Site Request Forgery. This issue affects Simple Statistics for Feeds: from n/a through 20250322.

Action-Not Available
Vendor-Jeff Starr
Product-Simple Statistics for Feeds
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47499
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.09%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Blog Stats <= 20250416 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Simple Blog Stats allows Stored XSS. This issue affects Simple Blog Stats: from n/a through 20250416.

Action-Not Available
Vendor-Jeff Starr
Product-Simple Blog Stats
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-46240
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 16.02%
||
7 Day CHG~0.00%
Published-22 Apr, 2025 | 09:53
Updated-29 Apr, 2025 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Download Counter <= 2.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Simple Download Counter allows Stored XSS. This issue affects Simple Download Counter: from n/a through 2.2.

Action-Not Available
Vendor-plugin-planetJeff Starr
Product-simple_download_counterSimple Download Counter
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-46239
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 16.02%
||
7 Day CHG~0.00%
Published-22 Apr, 2025 | 09:53
Updated-29 Apr, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Theme Switcha <= 3.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Theme Switcha allows Stored XSS. This issue affects Theme Switcha: from n/a through 3.4.

Action-Not Available
Vendor-plugin-planetJeff Starr
Product-theme_switchaTheme Switcha
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-7251
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.95%
||
7 Day CHG~0.00%
Published-26 Mar, 2024 | 08:40
Updated-06 Aug, 2024 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress User Submitted Posts plugin <= 20230901 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr User Submitted Posts allows Stored XSS.This issue affects User Submitted Posts: from n/a through 20230901.

Action-Not Available
Vendor-Jeff Starr
Product-User Submitted Posts
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-45603
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-9||CRITICAL
EPSS-2.16% / 83.61%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 18:38
Updated-02 Aug, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress User Submitted Posts Plugin <= 20230902 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End.This issue affects User Submitted Posts – Enable Users to Submit Posts from the Front End: from n/a through 20230902.

Action-Not Available
Vendor-plugin-planetJeff Starr
Product-user_submitted_postsUser Submitted Posts – Enable Users to Submit Posts from the Front End
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-49743
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.14% / 33.95%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 14:37
Updated-02 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Dashboard Widgets Suite Plugin <= 3.4.1 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Dashboard Widgets Suite allows Stored XSS.This issue affects Dashboard Widgets Suite: from n/a through 3.4.1.

Action-Not Available
Vendor-plugin-planetJeff Starr
Product-dashboard_widget_suiteDashboard Widgets Suite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-26517
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 18.09%
||
7 Day CHG~0.00%
Published-06 May, 2023 | 06:59
Updated-09 Jan, 2025 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Dashboard Widgets Suite Plugin <= 3.2.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeff Starr Dashboard Widgets Suite plugin <= 3.2.1 versions.

Action-Not Available
Vendor-plugin-planetJeff Starr
Product-dashboard_widget_suiteDashboard Widgets Suite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-27850
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 27.86%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 16:24
Updated-20 Feb, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Ajax Chat plugin <= 20220115 - Multiple Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message.

Action-Not Available
Vendor-plugin-planetJeff Starr
Product-simple_ajax_chatSimple Ajax Chat (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-27849
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-12.78% / 93.75%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 16:24
Updated-20 Feb, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Ajax Chat plugin <= 20220115 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115

Action-Not Available
Vendor-plugin-planetJeff Starr
Product-simple_ajax_chatSimple Ajax Chat (WordPress plugin)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-25610
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-3.4||LOW
EPSS-0.33% / 54.90%
||
7 Day CHG~0.00%
Published-25 Mar, 2022 | 18:02
Updated-20 Feb, 2025 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Ajax Chat plugin <= 20220115 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exploit.

Action-Not Available
Vendor-plugin-planetJeff Starr
Product-simple_ajax_chatSimple Ajax Chat (WordPress plugin)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-25601
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.32% / 54.02%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-20 Feb, 2025 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Form X plugin <= 2.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4).

Action-Not Available
Vendor-plugin-planetJeff StarrFedora Project
Product-contact_form_xfedoraContact Form X (WordPress plugin)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-24409
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-13.25% / 93.89%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 19:20
Updated-03 Aug, 2024 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prismatic < 2.8 - Reflected Cross-Site Scripting (XSS)

The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator

Action-Not Available
Vendor-plugin-planetJeff Starr
Product-prismaticPrismatic
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-24408
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-5.4||MEDIUM
EPSS-0.16% / 37.70%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 19:20
Updated-03 Aug, 2024 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prismatic < 2.8 - Contributor+ Stored XSS

The Prismatic WordPress plugin before 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS trigger able in the frontend, however, higher privilege users, such as editor could exploit this without the need of approval, and even when the blog disallows the unfiltered_html capability.

Action-Not Available
Vendor-plugin-planetJeff Starr
Product-prismaticPrismatic
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')