ByteOS Network

CVE-2025-49397

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.03% / 8.05%

||

7 Day CHG~0.00%

Published-20 Aug, 2025 | 08:03

Updated-20 Aug, 2025 | 14:39

WordPress Colorbox Lightbox Plugin <= 1.1.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Colorbox Lightbox allows Stored XSS. This issue affects Colorbox Lightbox: from n/a through 1.1.5.

Vendor-Noor Alam

Product-Colorbox Lightbox

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-54706

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.03% / 8.05%

||

7 Day CHG~0.00%

Published-14 Aug, 2025 | 10:34

Updated-14 Aug, 2025 | 13:55

WordPress Magical Posts Display Plugin plugin <= 1.2.52 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Posts Display allows DOM-Based XSS. This issue affects Magical Posts Display: from n/a through 1.2.52.

Vendor-Noor Alam

Product-Magical Posts Display

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-26591

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.04% / 10.50%

||

7 Day CHG~0.00%

Published-04 Jul, 2025 | 08:42

Updated-08 Jul, 2025 | 16:18

WordPress WP fancybox plugin <= 1.0.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam WP fancybox allows Stored XSS. This issue affects WP fancybox: from n/a through 1.0.4.

Vendor-Noor Alam

Product-WP fancybox

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-39572

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.06% / 20.07%

||

7 Day CHG~0.00%

Published-16 Apr, 2025 | 12:44

Updated-16 Apr, 2025 | 13:42

WordPress Checkout for PayPal <= 1.0.38 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Checkout for PayPal allows Stored XSS. This issue affects Checkout for PayPal: from n/a through 1.0.38.

Vendor-Noor Alam

Product-Checkout for PayPal

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-31844

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.02% / 4.94%

||

7 Day CHG-0.04%

Published-01 Apr, 2025 | 14:51

Updated-01 Apr, 2025 | 20:26

WordPress Magical Blocks plugin <= 1.0.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Blocks allows Stored XSS. This issue affects Magical Blocks: from n/a through 1.0.10.

Vendor-Noor Alam

Product-Magical Blocks

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-49627

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-4.3||MEDIUM

EPSS-0.04% / 11.70%

||

7 Day CHG~0.00%

Published-20 Oct, 2024 | 10:11

Updated-22 Oct, 2024 | 18:33

WordPress WordPress Image SEO plugin <= 1.1.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Noor Alam WordPress Image SEO allows Cross Site Request Forgery.This issue affects WordPress Image SEO: from n/a through 1.1.4.

Vendor-noorsplugin Noor Alam

Product-wordpress_image_seo WordPress Image SEO

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

Noor Alam

Source -

BOS Name -

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -