CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,969 vulnerabilities with CWE-79
CVE-2025-14796
MEDIUM
My Album Gallery <= 1.0.4 - Authenticated Stored Cross-Site Scripting via Image Title
CVSS 6.4
CVE-2025-14626
MEDIUM
QR Code for WooCommerce <= 1.9.42 - Authenticated Stored XSS via Shortcode
CVSS 6.4
CVE-2025-14453
MEDIUM
My Album Gallery <= 1.0.4 - Authenticated Stored Cross-Site Scripting via style_css Shortcode Attribute
CVSS 6.4
CVE-2025-14147
MEDIUM
Easy GitHub Gist Shortcodes <1.0 - XSS
CVSS 6.4
CVE-2025-14145
MEDIUM
Niche Hero < 1.0.5 - Authenticated Stored Cross-Site Scripting via nh_row Shortcode Spacing Parameter
CVSS 6.4
CVE-2025-14144
MEDIUM
Mstoic Shortcodes <= 2.0 - Authenticated Stored Cross-Site Scripting via ms_youtube_embeds Shortcode Start Parameter
CVSS 6.4
CVE-2025-14131
MEDIUM
WP Widget Changer <= 1.2.5 - Unauthenticated Reflected Cross-Site Scripting via PHP_SELF Variable
CVSS 6.1
CVE-2025-14130
MEDIUM
Post Like Dislike <= 1.0 - Unauthenticated Reflected Cross-Site Scripting via PHP_SELF Variable
CVSS 6.1
CVE-2025-14128
MEDIUM
Stumble! for WordPress <1.1.1 - XSS
CVSS 6.1
CVE-2025-14127
MEDIUM
Testimonial Master <= 0.2.1 - Unauthenticated Reflected Cross-Site Scripting via PHP_SELF Variable
CVSS 6.1
CVE-2025-14122
MEDIUM
AD Sliding FAQ <= 2.4 - Authenticated Stored Cross-Site Scripting via sliding_faq Shortcode
CVSS 6.4
CVE-2025-14121
MEDIUM
EDD Download Info <= 1.1 - Authenticated Stored Cross-Site Scripting via edd_download_info_link Shortcode
CVSS 6.4
CVE-2025-14118
MEDIUM
Starred Review <= 1.4.2 - Unauthenticated Reflected Cross-Site Scripting via PHP_SELF Variable
CVSS 6.1
CVE-2025-14114
MEDIUM
1180px Shortcodes <= 1.1.1 - Authenticated Stored Cross-Site Scripting via Class Shortcode Attribute
CVSS 6.4
CVE-2025-14113
MEDIUM
Viitor Button Shortcodes <3.0.0 - XSS
CVSS 6.4
CVE-2025-14112
MEDIUM
Snillrik Restaurant <2.2.1 & Menu <2.3.0 - Authenticated Stored XSS via menu_style
CVSS 6.4
CVE-2025-14110
MEDIUM
WP Js List Pages Shortcodes <1.22 - XSS
CVSS 6.4
CVE-2025-14109
MEDIUM
AH Shortcodes <= 1.0.2 - Authenticated Stored Cross-Site Scripting via Column Shortcode Attribute
CVSS 6.4
CVE-2025-14057
MEDIUM
Multi-column Tag Map <17.0.39 - XSS
CVSS 4.4
CVE-2025-14053
MEDIUM
Travel Bucket List - Wish To Go <= 0.5.2 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-14028
MEDIUM
Contact Us Simple Form <= 1.0 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2025-13974
MEDIUM
Email Customizer for WooCommerce <2.6.7 - XSS
CVSS 4.4
CVE-2025-13887
MEDIUM
AI BotKit WordPress <=1.1.7 - Authenticated Stored XSS via 'id' Parameter
CVSS 6.4
CVE-2025-13849
MEDIUM
Cool YT Player <= 1.0 - Authenticated Stored Cross-Site Scripting via videoid Parameter
CVSS 6.4
CVE-2025-13848
MEDIUM
STM Gallery <= 0.9 - Authenticated Stored Cross-Site Scripting via Composicion Parameter
CVSS 6.4
Details
Vulnerabilities: 44,969
Exploit Likelihood: High