CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,968 vulnerabilities with CWE-79
CVE-2025-14283
MEDIUM
BlockArt Blocks - WordPress <2.2.14 - XSS
CVSS 6.4
CVE-2025-14063
MEDIUM
SEO Links Interlinking <1.7.5 - XSS
CVSS 6.1
CVE-2025-9082
MEDIUM
WPBITS Addons For Elementor <1.8 - XSS
CVSS 6.4
CVE-2025-14039
MEDIUM
Simple Folio <= 1.1.1 - Authenticated Stored Cross-Site Scripting via Meta Fields
CVSS 6.4
CVE-2025-12709
MEDIUM
WordPress Block Editor <1.3.1 - XSS
CVSS 6.4
CVE-2025-8072
MEDIUM
Target Video Easy Publish <3.8.8 - XSS
CVSS 6.4
CVE-2025-11687
MEDIUM
gi-docgen < 2025.5 - Cross-Site Scripting via q GET Parameter
CVSS 6.1
CVE-2025-70368
MEDIUM
Worklenz 2.1.5 - Stored Cross-Site Scripting in Project Updates Feature
CVSS 5.4
CVE-2025-14985
MEDIUM
Alpha Blocks <= 1.5.0 - Authenticated Stored Cross-Site Scripting via alpha_block_css Parameter
CVSS 6.4
CVE-2025-14941
MEDIUM
GZSEO <= 2.0.11 - Authenticated Stored Cross-Site Scripting via Embed Code Parameter
CVSS 6.4
CVE-2025-14797
MEDIUM
Same Category Posts <= 1.1.19 - Authenticated Stored Cross-Site Scripting via Widget Title Placeholder
CVSS 5.4
CVE-2025-13676
MEDIUM
JustClick registration plugin <= 0.1 - Reflected Cross-Site Scripting via PHP_SELF
CVSS 6.1
CVE-2025-12836
MEDIUM
VK Google Job Posting Manager <1.2.20 - XSS
CVSS 6.4
CVE-2025-70458
MEDIUM
Sourcecodester Domain Availability Checker 1.0 - DOM-based Cross-Site Scripting in createResultElement Method
CVSS 5.4
CVE-2025-71177
MEDIUM
Lavalite CMS <= 10.1.0 - Authenticated Stored Cross-Site Scripting via Package Name or Description
CVSS 5.4
CVE-2025-67231
MEDIUM
ToDesktop Builder < 0.33.1 - Reflected Cross-Site Scripting
CVSS 5.9
CVE-2025-2204
MEDIUM
Tap&Sign <= 23012026 - Cross-Site Scripting
CVSS 4.7
CVE-2025-14745
MEDIUM
RSS Aggregator < 5.0.10 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-14069
MEDIUM
Schema & Structured Data for WP & AMP <1.55 - XSS
CVSS 6.4
CVE-2025-15522
MEDIUM
Uncanny Automator < 6.10.0.2 - Authenticated Stored Cross-Site Scripting via Discord User Mapping Shortcode
CVSS 6.4
CVE-2025-9289
MEDIUM
TP-Link Omada Controller < 6.0.0.24 - Stored Cross-Site Scripting
CVSS 4.7
CVE-2025-69321
HIGH
ThemeGoods Grand Spa <= 3.5.5 - XSS
CVSS 7.1
CVE-2025-69320
HIGH
ThemeGoods Grand Magazine <=3.5.7 - XSS
CVSS 7.1
CVE-2025-69318
HIGH
JobWP <= 2.4.5 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-69317
HIGH
CarSpot < 2.4.6 - Reflected Cross-Site Scripting
CVSS 7.1
Details
Vulnerabilities
44,968
Exploit Likelihood
High