Patchstack - Page 23 of Patchstack Vulnerabilities List

WordPress Glossary plugin <= 2.2.38 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Glossary versions = 2.2.38...

WordPress Go Fetch Jobs (for WP Job Manager) plugin <= 1.8.4.8.1 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Go Fetch Jobs for WP Job Manager versions = 1.8.4.8.1...

WordPress Goal Tracker – Custom Event Tracking for GA4 plugin <= 1.1.5 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Goal Tracker - Custom Event Tracking for GA4 versions = 1.1.5...

WordPress HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player plugin <= 2.2.27 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Html5 Audio Player versions = 2.2.27...

Patchstack•added 2026/05/01 9:31 a.m.•4 views

WordPress Image Alt Text Manager – Bulk & Dynamic Alt Tags For image SEO Optimization + AI plugin <= 1.6.3 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Alt Manager versions = 1.6.3...

WordPress Inavii Social Feed plugin <= 2.7.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Inavii for Elementor Social Feed versions = 2.7.0...

WordPress Independent Analytics plugin <= 2.9.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Independent Analytics - Google Analytics Alternative for WordPress versions = 2.9.7...

WordPress Internal Link Juicer: SEO Auto Linker for WordPress plugin <= 2.24.6 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Internal Link Juicer: SEO Auto Linker for WordPress versions = 2.24.6...

WordPress Ivory Search – WordPress Search Plugin plugin <= 5.5.8 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Ivory Search versions = 5.5.8...

WordPress Joli Table Of Contents plugin <= 2.6.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Joli Table Of Contents versions = 2.6.0...

WordPress Justified Gallery plugin <= 1.9.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Justified Gallery versions = 1.9.0...

Patchstack•added 2026/05/01 9:31 a.m.•4 views

WordPress Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce plugin <= 1.10.6 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Location Picker at Checkout for WooCommerce versions = 1.10.6...

WordPress Knowledge Base documentation & wiki plugin – BasePress Docs plugin <= 2.16.3.3 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Knowledge Base documentation & wiki plugin – BasePress versions = 2.16.3.3...

WordPress Lightbox & Modal Popup WordPress Plugin – FooBox plugin <= 2.7.33 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin FooBox Image Lightbox versions = 2.7.33...

WordPress Logo Showcase – Responsive Logo Carousel, Logo Slider & Logo Grid plugin <= 3.2.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Logo Showcase with Slick Slider versions = 3.2.7...

WordPress MapGeo – Interactive Geo Maps plugin <= 1.6.22 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Interactive Geo Maps versions = 1.6.22...

WordPress Mapster WP Maps plugin <= 1.9.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Mapster WP Maps versions = 1.9.0...

WordPress Marijuana Age Verify plugin <= 1.5.5 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Marijuana Age Verify versions = 1.5.5...

WordPress Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits plugin <= 2.0.7.2 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Master Addons for Elementor versions = 2.0.7.2...

WordPress Menu Image, Icons made easy plugin <= 3.12 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Menu Image, Icons made easy versions = 3.12...

Patchstack•added 2026/05/01 9:31 a.m.•5 views

WordPress Message Filter for Contact Form 7 plugin <= 1.6.3.2 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Message Filter for Contact Form 7 versions = 1.6.3.2...

Patchstack•added 2026/05/01 9:31 a.m.•5 views

WordPress Meta Field Block – Display custom fields in the Block Editor without coding plugin <= 1.3.3 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Meta Field Block versions = 1.3.3...

WordPress Mixed Media Gallery Blocks plugin <= 3.2.4.4 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin SimpLy Gallery versions = 3.2.4.4...

WordPress Music Player for Elementor – Audio Player & Podcast Player plugin <= 2.4.1 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Music Player for Elementor – Audio Player & Podcast Player versions = 2.4.1...

WordPress Notification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar plugin <= 2.1.34 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Notification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar versions = 2.1.34...

WordPress Ocean Extra plugin <= 2.4.2 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Ocean Extra versions = 2.4.2...

Patchstack•added 2026/05/01 9:31 a.m.•4 views

WordPress Pay For Post with WooCommerce plugin <= 3.1.26 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Pay For Post with WooCommerce versions = 3.1.26...

WordPress Open User Map plugin <= 1.4.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Open User Map versions = 1.4.0...

WordPress Payment Gateway for ACBA BANK plugin <= 1.2.6 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Payment Gateway for ACBA BANK versions = 1.2.6...

Patchstack•added 2026/05/01 9:30 a.m.•5 views

WordPress PDF Poster – Display PDF Files with Custom Viewer plugin <= 2.2.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin PDF Poster versions = 2.2.0...

Patchstack•added 2026/05/01 9:30 a.m.•1 views

WordPress Place Order Without Payment for WooCommerce plugin <= 2.6.5 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WC Place Order Without Payment versions = 2.6.5...

Patchstack•added 2026/05/01 9:30 a.m.•4 views

WordPress Post List Designer – Category Post, Recent Post, Post List plugin <= 3.3.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Posts List Designer by Category – List Category Posts Or Recent Posts versions = 3.3.7...

Patchstack•added 2026/05/01 9:17 a.m.•2 views

WordPress Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider plugin <= 3.2.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Post Slider and Carousel with Widget – A Responsive Post Slider versions = 3.2.7...

WordPress Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App plugin <= 3.0.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Post SMTP versions = 3.0.0...

Patchstack•added 2026/05/01 9:17 a.m.•2 views

WordPress Post to Google My Business (Google Business Profile) plugin <= 3.1.28 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Post to Google My Business Google Business Profile versions = 3.1.28...

Patchstack•added 2026/05/01 9:17 a.m.•4 views

WordPress Premmerce Permalink Manager for WooCommerce plugin <= 2.3.11 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Premmerce Permalink Manager for WooCommerce versions = 2.3.11...

WordPress Premmerce Product Filter for WooCommerce plugin <= 3.7.3 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Premmerce Product Filter for WooCommerce versions = 3.7.3...

WordPress Primary Addon for Elementor plugin <= 1.6.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Primary Addon for Elementor versions = 1.6.0...

WordPress Product Layouts for WooCommerce plugin <= 1.3.1 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Product Layouts for Woocommerce Product Gallery, Product Showcase, Layout Design, Category Tabs, Product Slider, Product Grid, Product Table versions = 1.3.1...

Patchstack•added 2026/05/01 9:17 a.m.•2 views

WordPress Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player plugin <= 2.0.82 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Radio Player versions = 2.0.82...

Patchstack•added 2026/05/01 9:17 a.m.•4 views

WordPress Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin <= 2.5.9 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Radio Station versions = 2.5.9...

Patchstack•added 2026/05/01 9:16 a.m.•4 views

WordPress Remove Add to Cart WooCommerce plugin <= 1.4.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Remove Add to Cart WooCommerce versions = 1.4.7...

Patchstack•added 2026/05/01 9:16 a.m.•1 views

WordPress Restaurant & Cafe Addon for Elementor plugin <= 1.5.8 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Restaurant & Cafe Addon for Elementor versions = 1.5.8...

WordPress Restrict – membership, site, content and user access restrictions for WordPress plugin <= 2.3.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Restrict versions = 2.3.0...

WordPress RevivePress – Keep your Old Content Evergreen plugin <= 1.5.8 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin RevivePress versions = 1.5.8...

Patchstack•added 2026/05/01 9:16 a.m.•4 views

WordPress Role Based Pricing for Woo by Meow Crew plugin <= 1.6.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WooCommerce Role Based Pricing by Meow Crew versions = 1.6.0...

WordPress Secure Gateway for Authorize.net and WooCommerce by Pledged Plugins plugin <= 6.1.13 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Authorize.Net Payment Gateway For WooCommerce versions = 6.1.13...

WordPress Security Ninja – WordPress Security & Firewall plugin <= 5.222 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Security Ninja – Secure Firewall & Secure Malware Scanner versions = 5.222...

Patchstack•added 2026/05/01 9:16 a.m.•3 views

WordPress Send Users Email – Email Subscribers, Email Marketing Newsletter plugin <= 1.5.10 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Send Users Email versions = 1.5.10...

Patchstack•added 2026/05/01 9:16 a.m.•3 views

WordPress Share This Image plugin <= 2.07 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Share This Image versions = 2.07...