CVSS: 7.5EPSS: %CPEs: 1EXPL: 0CVE-2025-24745 – WordPress Classified Listing plugin <= 4.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-24745
17 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Classified Listing allows Reflected XSS. This issue affects Classified Listing: from n/a through 4.0.1. • https://patchstack.com/database/wordpress/plugin/classified-listing/vulnerability/wordpress-classified-listing-plugin-4-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1427 – The Post Grid <= 7.7.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via section title tag
https://notcve.org/view.php?id=CVE-2024-1427
01 Jul 2024 — The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the section title tag attribute in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page... • https://plugins.trac.wordpress.org/browser/the-post-grid/tags/7.4.2/app/Helpers/Fns.php#L1051 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0836 – WordPress Review & Structure Data Schema Plugin – Review Schema <= 2.1.14 - Missing Authorization to Arbitrary Review Update
https://notcve.org/view.php?id=CVE-2024-0836
30 Jan 2024 — The WordPress Review & Structure Data Schema Plugin – Review Schema plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtrs_review_edit() function in all versions up to, and including, 2.1.14. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify arbitrary reviews. El complemento WordPress Review & Structure Data Schema Plugin – Review Schema para WordPress es vulnerable a modificaciones no auto... • https://plugins.trac.wordpress.org/changeset/3028627/review-schema/trunk/app/Controllers/Ajax/Review.php • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39923 – WordPress The Post Grid Plugin <= 7.2.7 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-39923
07 Aug 2023 — Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 7.2.7 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento RadiusTheme The Post Grid en versiones <= 7.2.7. The The Post Grid plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.2.7. This is due to missing or incorrect nonce validation on the save_block_css() function. This makes it possible for unauthenticated attackers to modify block CSS via... • https://patchstack.com/database/vulnerability/the-post-grid/wordpress-the-post-grid-plugin-7-2-7-cross-site-request-forgery-csrf-leading-to-css-change-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37894 – WordPress Variation Images Gallery for WooCommerce Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-37894
12 Jul 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTheme Variation Images Gallery for WooCommerce plugin <= 2.3.3 versions. The Variation Images Gallery for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via styling parameters in versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully tr... • https://patchstack.com/database/vulnerability/woo-product-variation-gallery/wordpress-variation-images-gallery-for-woocommerce-plugin-2-3-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37387 – WordPress Classified Listing Plugin <= 2.4.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-37387
05 Jul 2023 — Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Classified Listing plugin <= 2.4.5 versions. The Classified Listing plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.5. This is due to missing or incorrect nonce validation on the rtcl_ajax_thumbnail_delete function. This makes it possible for unauthenticated attackers to delete the post thumbnail via a forged request granted they can trick a site administrator into performing an action such ... • https://patchstack.com/database/vulnerability/classified-listing/wordpress-classified-listing-plugin-2-4-5-cross-site-request-forgery-csrf-leading-to-thumbnail-removal-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46853 – WordPress The Post Grid Plugin <= 5.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-46853
20 Feb 2023 — Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 5.0.4 versions. The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the rttpg_spare_me function. This makes it possible for unauthenticated attackers to dismiss plugin notifications via a forged request granted they can trick a site ... • https://patchstack.com/database/vulnerability/the-post-grid/wordpress-the-post-grid-shortcode-gutenberg-blocks-and-elementor-addon-for-post-grid-plugin-5-0-4-cross-site-request-forgery-csrf?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23685 – WordPress Portfolio – WordPress Portfolio Plugin Plugin <= 2.8.10 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-23685
13 Feb 2023 — Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in RadiusTheme Portfolio – WordPress Portfolio plugin <= 2.8.10 versions. The Portfolio – WordPress Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes in versions up to, and including, 2.8.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scr... • https://patchstack.com/database/vulnerability/tlp-portfolio/wordpress-portfolio-wordpress-portfolio-plugin-plugin-2-8-10-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 1CVE-2022-2654 – Classima < 2.1.11 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2654
22 Aug 2022 — The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting El tema Classima de WordPress versiones anteriores a 2.1.11 y algunos de sus plugins necesarios (Classified Listing versiones anteriores a 2.2.14, Classified Listing Pro v... • https://wpscan.com/vulnerability/845f44ca-f572-48d7-a19a-89cace0b8993 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2655 – Classified Listing Pro < 2.0.20 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2655
22 Aug 2022 — The Classified Listing Pro WordPress plugin before 2.0.20 does not escape a generated URL before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting El plugin Classified Listing Pro de WordPress versiones anteriores a 2.0.20, no escapa de una URL generada antes de devolverla a un atributo en una página de administración, conllevando a un ataque de tipo Cross-Site Scripting Reflejado The Classified Listing Pro plugin for WordPress is vulnerable to Reflected Cross-... • https://wpscan.com/vulnerability/acc9675a-56f6-411a-9594-07144c2aad1b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •