ByteOS Network

CVE-2025-48238

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.08% / 23.34%

||

7 Day CHG~0.00%

Published-19 May, 2025 | 14:44

Updated-28 Apr, 2026 | 16:12

WordPress AWcode Toolkit plugin <= 1.0.18 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in awcode AWcode Toolkit awcode-toolkit allows Stored XSS.This issue affects AWcode Toolkit: from n/a through <= 1.0.18.

Vendor-awcode

Product-AWcode Toolkit

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2025-24554

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.13% / 32.03%

||

7 Day CHG~0.00%

Published-14 Feb, 2025 | 12:44

Updated-28 Apr, 2026 | 16:11

WordPress AWcode Toolkit plugin <= 1.0.14 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awcode AWcode Toolkit awcode-toolkit allows Reflected XSS.This issue affects AWcode Toolkit: from n/a through <= 1.0.14.

Vendor-awcode

Product-AWcode Toolkit

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-24561

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.14% / 33.22%

||

7 Day CHG~0.00%

Published-24 Jan, 2025 | 17:24

Updated-28 Apr, 2026 | 16:11

WordPress ReviewsTap plugin <= 1.1.2 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in awcode ReviewsTap reviewstap allows Stored XSS.This issue affects ReviewsTap: from n/a through <= 1.1.2.

Vendor-awcode

Product-ReviewsTap

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2025-23625

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.11% / 29.14%

||

7 Day CHG~0.00%

Published-22 Jan, 2025 | 14:29

Updated-28 Apr, 2026 | 16:11

WordPress Unique UX plugin <= 0.9.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awcode Unique UX unique-ux allows Reflected XSS.This issue affects Unique UX: from n/a through <= 0.9.2.

Vendor-awcode

Product-Unique UX

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-23954

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-4.3||MEDIUM

EPSS-0.14% / 33.63%

||

7 Day CHG~0.00%

Published-16 Jan, 2025 | 20:08

Updated-28 Apr, 2026 | 16:11

WordPress Salvador – AI Image Generator plugin <= 1.0.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in awcode Salvador – AI Image Generator salvador-ai-image-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salvador – AI Image Generator: from n/a through <= 1.0.11.

Vendor-awcode

Product-Salvador – AI Image Generator

CWE ID-CWE-862

Missing Authorization

awcode

Source -

BOS Name -

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -