CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,730 vulnerabilities with CWE-79
CVE-2026-48157 MEDIUM
Slim has Reflected XSS in the HtmlErrorRenderer
CVSS 6.1
CVE-2026-52702 HIGH
WordPress SEO Redirection plugin <= 9.17 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-49773 MEDIUM
WordPress FV Flowplayer Video Player plugin < 7.5.51.7212 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-49055 HIGH
WordPress Drag and Drop Multiple File Upload – Contact Form 7 plugin <= 1.3.9.7 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-48966 HIGH
WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.2 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-48885 HIGH
WordPress HollerBox plugin <= 2.3.10.1 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-48880 MEDIUM
WordPress WP Job Portal plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-48876 HIGH
WordPress Stop Spammers plugin <= 2026.3 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-48871 HIGH
WordPress MW WP Form plugin <= 5.1.3 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-48870 MEDIUM
WordPress King Addons for Elementor plugin <= 51.1.62 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-48867 HIGH
WordPress Quiz And Survey Master plugin <= 11.1.2 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-48838 HIGH
WordPress Post SMTP plugin <= 3.6.2 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-45437 HIGH
WordPress Product Filter Widget for Elementor plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-42775 HIGH
WordPress AutomatorWP plugin <= 5.7.2 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-42688 MEDIUM
WordPress Modula Image Gallery plugin <= 2.14.23 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-42686 HIGH
WordPress EventPrime plugin <= 4.3.2.1 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-42663 MEDIUM
WordPress Simple Membership plugin <= 4.7.2 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-42658 HIGH
WordPress Classified Listing plugin <= 5.3.8 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-42656 MEDIUM
WordPress Contest Gallery plugin <= 28.1.6 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-42650 HIGH
WordPress AutomatorWP plugin <= 5.6.7 - Cross Site Scripting (XSS) vulnerability
CVSS 7.2
CVE-2026-42649 HIGH
WordPress Favicon Rotator plugin <= 1.2.11 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-41556 MEDIUM
WordPress ProfilePress plugin <= 4.16.13 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-40791 HIGH
WordPress WP Time Slots Booking Form plugin <= 1.2.46 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-40787 HIGH
WordPress Quiz And Survey Master plugin <= 11.0.0 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-40770 HIGH
WordPress Coupon Affiliates plugin <= 7.5.3 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
Details
Vulnerabilities 44,730
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits