CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,966 vulnerabilities with CWE-79
CVE-2026-24623
HIGH
Neoforum <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2026-24621
MEDIUM
Vladimir Statsenko Terms <3.4.9 - XSS
CVSS 5.9
CVE-2026-24620
MEDIUM
PluginOps Landing Page Builder <1.5.3.3 - XSS
CVSS 5.9
CVE-2026-24617
MEDIUM
Daniel Iser Easy Modal <=2.1.0 - XSS
CVSS 6.5
CVE-2026-24614
MEDIUM
Devsbrain Flex QR Code Generator <=1.2.8 - XSS
CVSS 5.9
CVE-2026-24601
MEDIUM
PenciDesign Penci Pay Writer <=1.5 - XSS
CVSS 6.5
CVE-2026-24600
MEDIUM
PenciDesign Penci Review <=3.5 - XSS
CVSS 6.5
CVE-2026-24594
MEDIUM
Livemesh Addons for WPBakery Page Builder <= 3.9.4 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2026-24591
MEDIUM
Turn Yoast SEO FAQ Block to Accordion <= 1.0.6 - XSS
CVSS 6.5
CVE-2026-24584
MEDIUM
Themeum Tutor LMS BunnyNet Integration <= 1.0.0 - XSS
CVSS 5.9
CVE-2026-24576
MEDIUM
COP UX Flat <= 5.4.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2026-24558
MEDIUM
ABG Rich Pins <= 1.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2026-24555
MEDIUM
ArtPlacer Widget <= 2.23.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2026-24550
MEDIUM
Kaira Blockons <= 1.2.19 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2026-24528
MEDIUM
pixelgrade Nova Blocks <2.1.9 - XSS
CVSS 6.5
CVE-2026-24526
MEDIUM
Steve Truman Email Inquiry & Cart Options - WooCommerce <= 3.4.3 - XSS
CVSS 6.5
CVE-2026-0914
MEDIUM
WP DSGVO Tools (GDPR) <= 3.1.36 - Authenticated Stored Cross-Site Scripting via lw_content_block Shortcode
CVSS 6.4
CVE-2026-0788
MEDIUM
ALGO 8180 IP Audio Alerter Firmware - Unauthenticated Stored Cross-Site Scripting in Syslog Viewer
CVSS 6.1
CVE-2026-21264
CRITICAL
Microsoft Account - Cross-Site Scripting
CVSS 9.3
CVE-2026-24389
MEDIUM
WP Chill Gallery PhotoBlocks <1.3.2 - XSS
CVSS 6.5
CVE-2026-24383
MEDIUM
B Slider <= 2.0.6 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2026-24361
MEDIUM
LearnPress - Course Review <= 4.1.9 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2026-24355
MEDIUM
Houzez Theme - Functionality <4.2.6 - XSS
CVSS 6.5
CVE-2026-24354
MEDIUM
PenciDesign Penci Shortcodes & Performance <=6.1 - XSS
CVSS 6.5
CVE-2026-23976
MEDIUM
WP Chill Modula Image Gallery <2.13.4 - XSS
CVSS 5.9
Details
Vulnerabilities
44,966
Exploit Likelihood
High