CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,000 vulnerabilities with CWE-79
CVE-2025-67553 MEDIUM
ThemeHigh Advanced FAQ Manager <1.5.3 - XSS
CVSS 6.5
CVE-2025-67552 MEDIUM
Walker Core <= 1.3.17 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-67551 MEDIUM
Wappointment <= 2.6.9 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-67550 MEDIUM
rhewlif Donation Thermometer <=2.2.6 - XSS
CVSS 6.5
CVE-2025-67549 MEDIUM
bobbingwide oik <= 4.15.3 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-67545 MEDIUM
FirePlugins FireBox <= 3.1.0-free - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-67544 MEDIUM
Get Bowtied Shopkeeper Extender < 7.0. - XSS
CVSS 6.5
CVE-2025-67543 MEDIUM
Essential Widgets <= 2.2.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-67542 MEDIUM
SilkyPress Multi-Step Checkout - WooCommerce <= 2.33 - XSS
CVSS 6.5
CVE-2025-67541 MEDIUM
Lester Chan WP-ShowHide <=1.05 - XSS
CVSS 6.5
CVE-2025-67539 MEDIUM
Select Core < 2.6 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-67538 MEDIUM
JNews Gallery < 12.0.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-67537 MEDIUM
ThirstyAffiliates <= 3.11.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-67536 MEDIUM
ThimPress LearnPress <4.2.9.4 - XSS
CVSS 6.5
CVE-2025-67533 HIGH
Themify Portfolio Post <1.3.0 - XSS
CVSS 7.1
CVE-2025-63075 MEDIUM
Muffingroup Betheme <= 28.1.7 - XSS
CVSS 6.5
CVE-2025-63073 MEDIUM
The7 < 12.9.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-63072 MEDIUM
THEMECO Cornerstone <=7.7.3 - Stored XSS
CVSS 6.5
CVE-2025-63066 MEDIUM
p-themes Porto Theme <= 3.6.2 - XSS
CVSS 6.5
CVE-2025-63064 MEDIUM
EventON <= 4.9.12 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-63061 MEDIUM
Kallyas < 4.25.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-63059 MEDIUM
Ninja Popups <= 4.7.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-63057 MEDIUM
Roxnor Wp Ultimate Review <= 2.3.6 - XSS
CVSS 6.5
CVE-2025-63055 MEDIUM
Master Addons for Elementor <= 2.0.9.9 - XSS
CVSS 6.5
CVE-2025-63052 MEDIUM
SimpLy Gallery <= 3.3.2.1 - Stored Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities 45,000
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits