| Title | CVE ID | CVSS | Vector | Date | VDP |
| --- | --- | --- | --- | --- | --- |
| Advanced Woo Labels <= 2.15 – Authenticated (Contributor+) Stored Cross-Site Scripting | CVE-2025-32188 | 6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | April 4, 2025 | Patchstack |
| CMP – Coming Soon & Maintenance <= 4.1.13 – Authenticated (Admin+) Arbitrary File Upload | CVE-2025-32118 | 7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | April 4, 2025 | Patchstack |
| WP Proposals <= 2.3 – Authenticated (Editor+) Stored Cross-Site Scripting | CVE-2025-31837 | 4.4 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N | April 1, 2025 | Patchstack |
| TablePress – Tables in WordPress made easy <= 3.0.4 – Authenticated (Author+) Stored Cross-Site Scripting | CVE-2025-2685 | 6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | March 26, 2025 | WordFence |
| WooCommerce <= 9.7.0 – Authenticated (Shop Manager+) Stored Cross-Site Scripting | CVE-2025-26762 | 4.4 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N | March 12, 2025 | HackerOne |
| Document Block – Upload & Embed Docs <= 1.1.0 – Missing Authorization | CVE-2025-22696 | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | January 31, 2025 | Patchstack |
| PPOM for WooCommerce <= 33.0.8 – Authenticated (Administrator+) Stored Cross-Site Scripting | CVE-2025-24668 | 4.4 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N | January 24, 2025 | Patchstack |
| WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.7.1 – Authenticated (Shop Manager+) Stored Cross-Site Scripting | CVE-2025-24644 | 4.4 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N | January 24, 2025 | Patchstack |
| Popup Maker <= 1.20.2 – Authenticated (Contributor+) Stored Cross-Site Scripting | CVE-2025-24746 | 6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | January 24, 2025 | Patchstack |
| Icegram <= 3.1.31 – Authenticated (Contributor+) Stored Cross-Site Scripting | CVE-2025-24542 | 6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | January 24, 2025 | Patchstack |
| Flexible PDF Coupons <= 1.10.2 – Authenticated (Contributor+) Stored Cross-Site Scripting | CVE-2025-22825 | 6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | January 15, 2025 | Patchstack |
| Htaccess File Editor <= 1.0.19 – Unauthenticated Information Exposure | CVE-2025-22773 | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | January 14, 2025 | Patchstack |
| WebToffee WP Backup and Migration <= 1.5.3 – Unauthenticated Sensitive Information Exposure | CVE-2025-24651 | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | January 13, 2025 | Patchstack |
| Modula Image Gallery <= 2.11.10 – Authenticated (Author+) Arbitrary File Upload | CVE-2024-12853 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | January 7, 2025 | WordFence |
| Email Templates Customizer for WordPress – Drag And Drop Email Templates Builder – YeeMail <= 2.1.4 – Authenticated (Contributor+) Stored Cross-Site Scripting | CVE-2025-22802 | 6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | January 7, 2025 | Patchstack |
| Typing Text <= 1.2.7 – Authenticated (Contributor+) Stored Cross-Site Scripting | CVE-2025-22315 | 6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | January 6, 2025 | Patchstack |
| New User Approve <= 2.6.2 – Missing Authorization | CVE-2024-54323 | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | December 11, 2024 | Patchstack |
| Landing Page Cat <= 1.7.4 – Missing Authorization | CVE-2024-49686 | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | October 21, 2024 | Patchstack |
| Email Template Customizer for WooCommerce <= 1.2.9.1 – Authenticated (Shop manager+) Stored Cross-Site Scripting | CVE-2024-49288 | 4.4 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N | October 15, 2024 | Patchstack |
| Htaccess File Editor <= 1.0.18 – Missing Authorization | CVE-2024-49256 | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | October 14, 2024 | Patchstack |
| Essential Blocks for Gutenberg <= 4.8.4 – Authenticated (Contributor+) Stored Cross-Site Scripting | CVE-2024-47385 | 6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | September 30, 2024 | Patchstack |
| Depicter Slider <= 3.2.2 – Authenticated (Editor+) Stored Cross-Site Scripting | CVE-2024-47381 | 4.4 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N | September 30, 2024 | Patchstack |
| Advanced Woo Labels <= 2.01 – Authenticated (Contributor+) Stored Cross-Site Scripting | CVE-2024-47622 | 6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | September 30, 2024 | Patchstack |
| WS Form LITE <= 1.9.238 – Unauthenticated Stored Cross-Site Scripting | CVE-2024-47320 | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | September 25, 2024 | Patchstack |
| Icegram <= 3.1.25 – Authenticated (Contributor+) Stored Cross-Site Scripting | CVE-2024-43344 | 6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | August 16, 2024 | Patchstack |
| WP Table Builder – WordPress Table Plugin <= 1.4.15 – Authenticated (Contributor+) Stored Cross-Site Scripting | CVE-2024-43125 | 6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | August 7, 2024 | Patchstack |
| 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery <= 1.15.6 – Authenticated (Editor+) Stored Cross-Site Scripting | CVE-2024-43152 | 4.4 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N | August 7, 2024 | Patchstack |
| Depicter Slider <= 3.1.2 – Authenticated (Editor+) Stored Cross-Site Scripting | CVE-2024-43161 | 4.4 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N | August 7, 2024 | Patchstack |
| VK All in One Expansion Unit <= 9.99.1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting | CVE-2024-37956 | 6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | July 10, 2024 | Patchstack |
| Fusion <= 1.6.1 – Authenticated (Contributor+) Stored Cross-Site Scripting | CVE-2024-37962 | 6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | July 10, 2024 | Patchstack |
| WooCommerce <= 8.9.2 – Authenticated (Shop Manager+) Content Injection | CVE-2024-35777 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N | June 27, 2024 | HackerOne |
| Page Builder Sandwich – Front-End Page Builder <= 5.1.0 – Missing Authorization | CVE-2024-37218 | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | June 21, 2024 | Patchstack |
| Page Builder Sandwich – Front-End Page Builder <= 5.1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting | CVE-2024-37219 | 6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | June 21, 2024 | Patchstack |
| Page Builder: Live Composer <= 1.5.47 – Authenticated (Author+) Stored Cross-Site Scripting | CVE-2024-35768 | 6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | June 18, 2024 | Patchstack |
| PPOM for WooCommerce <= 32.0.20 – Unauthenticated Content Injection Vulnerability | CVE-2024-35728 | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | June 6, 2024 | Patchstack |
| YITH WooCommerce Product Add-Ons <= 4.9.2 – Unauthenticated Content Injection | CVE-2024-35680 | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | June 6, 2024 | Patchstack |
| Woody code snippets – Insert Header Footer Code, AdSense Ads <= 2.4.10 – Authenticated (Admin+) Stored Cross-Site Scripting | CVE-2024-35751 | 4.4 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N | June 6, 2024 | Patchstack |
| YITH WooCommerce Tab Manager <= 1.35.0 – Authenticated (Editor+) Stored Cross-Site Scripting | CVE-2024-35698 | 4.4 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N | June 6, 2024 | Patchstack |
| Advanced Woo Labels – Product Labels for WooCommerce <= 1.93 – Authenticated (Contributor+) Stored Cross-Site Scripting | CVE-2024-35675 | 6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | June 5, 2024 | Patchstack |
| Visual Composer Website Builder <= 45.8.0 – Authenticated (Editor+) Stored Cross-Site Scripting | CVE-2024-35653 | 4.4 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N | June 3, 2024 | Patchstack |
| Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content <= 0.6.9 – Authenticated (Admin+) Stored Cross-Site Scripting | CVE-2024-35655 | 4.4 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N | June 3, 2024 | Patchstack |
| YITH WooCommerce Wishlist <= 3.32.0 – Authenticated (Admin+) Stored Cross-Site Scripting | CVE-2024-34385 | 4.4 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N | May 30, 2024 | Patchstack |
| Pootle Pagebuilder – WordPress Page builder <= 5.7.1 – Authenticated (Contributor+) Stored Cross-Site Scripting | CVE-2024-34573 | 6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | May 7, 2024 | Patchstack |
| Page Builder: Live Composer <= 1.5.38 – Missing Authorization | CVE-2024-32957 | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | April 23, 2024 | Patchstack |
| Fixed HTML Toolbar <= 1.0.7 – Authenticated (Admin+) Stored Cross-Site Scripting | CVE-2024-32540 | 4.4 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N | April 15, 2024 | Patchstack |
| Remove Footer Credit <= 1.0.13 – Authenticated (Administrator+) Stored Cross-Site Scripting | CVE-2024-32429 | 4.4 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N | April 12, 2024 | Patchstack |
| WordPress Page Builder – Zion Builder <= 3.6.9 – Authenticated (Editor+) Stored Cross-Site Scripting | CVE-2024-30444 | 4.4 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N | March 28, 2024 | Patchstack |
| Astra <= 4.6.4 – Authenticated (Editor+) Stored Cross-Site Scripting via Theme Header/Footer | CVE-2024-29768 | 5.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N | March 25, 2024 | Patchstack |
| Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.26.2 – Authenticated (Contributor+) Stored Cross-Site Scripting | CVE-2024-2888 | 6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | March 25, 2024 | Patchstack |
| Visual Composer Website Builder <= 45.6.0 – Authenticated (Editor+) Stored Cross-Site Scripting | CVE-2024-27997 | 4.4 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N | March 15, 2024 | Patchstack |
| Blocksy <= 2.0.19 – Authenticated (Editor+) Stored Cross-Site Scripting | CVE-2024-24871 | 4.4 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N | February 5, 2024 | Patchstack |
| Scroll Triggered Box <= 2.3 – Authenticated (Editor+) Stored Cross-Site Scripting | CVE-2024-24865 | 5.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N | February 2, 2024 | Patchstack |