CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,995 vulnerabilities with CWE-79
CVE-2025-14143 MEDIUM
Ayo Shortcodes <= 0.2 - Authenticated Stored Cross-Site Scripting via 'color' Parameter
CVSS 6.4
CVE-2025-14138 MEDIUM
WPLG Default Mail From <1.0.0 - XSS
CVSS 6.1
CVE-2025-14137 MEDIUM
Simple AL Slider <= 1.2.10 - Unauthenticated Reflected Cross-Site Scripting via PHP_SELF Variable
CVSS 6.1
CVE-2025-14132 MEDIUM
Category Dropdown List plugin <1.0 - XSS
CVSS 6.1
CVE-2025-14129 MEDIUM
Like DisLike Voting plugin <1.0.2 - XSS
CVSS 6.1
CVE-2025-14125 MEDIUM
Complag <= 1.0.2 - Unauthenticated Reflected Cross-Site Scripting via PHP_SELF Variable
CVSS 6.1
CVE-2025-14119 MEDIUM
WPBakery App Landing Template Blocks < 2.0.2 - Authenticated Stored XSS via atvc_video_play
CVSS 6.4
CVE-2025-14048 MEDIUM
SimplyConvert <= 1.0 - Authenticated Stored Cross-Site Scripting via simplyconvert_hash Option
CVSS 4.4
CVE-2025-14035 MEDIUM
DebateMaster <= 1.0.0 - Authenticated Stored Cross-Site Scripting via Color Options
CVSS 4.4
CVE-2025-14032 MEDIUM
Bold Timeline Lite <= 1.2.7 - Authenticated Stored Cross-Site Scripting via Title Parameter
CVSS 6.4
CVE-2025-13989 MEDIUM
WP Dropzone <= 1.1.1 - Authenticated Stored Cross-Site Scripting via Callback Shortcode Attribute
CVSS 6.4
CVE-2025-13988 MEDIUM
评论小秘书 WordPress Plugin <1.3.2 - XSS
CVSS 6.1
CVE-2025-13975 MEDIUM
Contact Form 7 with ChatWork <= 1.1.0 - Authenticated Stored Cross-Site Scripting via API Token and Room ID Settings
CVSS 4.4
CVE-2025-13971 MEDIUM
TWW Protein Calculator <1.0.24 - XSS
CVSS 4.4
CVE-2025-13969 MEDIUM
Reviews Sorted <= 2.4.2 - Authenticated Stored Cross-Site Scripting via Reviews-Slider Shortcode Space Parameter
CVSS 6.4
CVE-2025-13966 MEDIUM
Paypal Payment Shortcode <1.01 - XSS
CVSS 6.4
CVE-2025-13963 MEDIUM
FX Currency Converter <= 0.2.0 - Authenticated Stored Cross-Site Scripting via fxcc_convert Shortcode
CVSS 6.4
CVE-2025-13962 MEDIUM
Divelogs Widget <= 1.5 - Authenticated Stored Cross-Site Scripting via 'latestdive' Shortcode
CVSS 6.4
CVE-2025-13961 MEDIUM
WordPress Data Visualizer <2 - XSS
CVSS 6.4
CVE-2025-13960 MEDIUM
GPXpress <= 1.3 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-13906 MEDIUM
WP Flot <= 0.2.2 - Authenticated Stored Cross-Site Scripting via Linechart Shortcode
CVSS 6.4
CVE-2025-13904 MEDIUM
WPGancio <= 1.12 - Authenticated Stored Cross-Site Scripting via 'gancio-event' Shortcode
CVSS 6.4
CVE-2025-13889 MEDIUM
Simple Nivo Slider <= 0.5.6 - Authenticated Stored Cross-Site Scripting via Shortcode ID Parameter
CVSS 6.4
CVE-2025-13885 MEDIUM
Zenost Shortcodes <= 1.0 - Authenticated Stored Cross-Site Scripting via Button Shortcode Parameters
CVSS 6.4
CVE-2025-13884 MEDIUM
Hide Email Address plugin <0.1 - XSS
CVSS 6.4
Details
Vulnerabilities 44,995
Exploit Likelihood High