CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,736 vulnerabilities with CWE-79
CVE-2026-42729 HIGH
WordPress PropertyHive plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-42728 HIGH
WordPress HT Contact Form 7 plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-3349 MEDIUM
MinhNhut Link Gateway <= 3.6.1 - Reflected Cross-Site Scripting via 'url' Parameter
CVSS 6.1
CVE-2026-3348 MEDIUM
MinhNhut Link Gateway <= 3.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting via Plugin Settings
CVSS 4.4
CVE-2026-2288 MEDIUM
myLinksDump <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'link_title' Parameter
CVSS 4.8
CVE-2026-2280 MEDIUM
rexCrawler <= 1.0.15 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2026-48968 MEDIUM
WordPress Master Slider plugin <= 3.10.8 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-8143 HIGH
Booking Calendar – Event Calendar <= 2.1.6 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters
CVSS 7.2
CVE-2026-8042 MEDIUM
Github Shortcode <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS 6.4
CVE-2026-3375 HIGH
LiteSpeed Cache <= 7.7 - Unauthenticated Stored Cross-Site Scripting via QUIC.cloud CCSS/UCSS REST API Endpoints
CVSS 7.2
CVE-2026-3001 MEDIUM
Gutenverse <= 3.4.6 - Reflected Cross-Site Scripting via 's' Parameter
CVSS 6.1
CVE-2026-2030 MEDIUM
WPBakery Page Builder Addons by Livemesh <= 3.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8899 MEDIUM
Auto Thumbnails <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8898 MEDIUM
Events In City <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8897 MEDIUM
Shortcode Buddy <= 0.1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8894 MEDIUM
iWR Tooltip <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8891 MEDIUM
BitForm <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8887 MEDIUM
Listen Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8886 MEDIUM
hk_shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute
CVSS 6.4
CVE-2026-8884 MEDIUM
Instant-Quote.co Quotation Page <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8877 MEDIUM
Responsive Video Embedder <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8875 MEDIUM
Easy Prism Syntax Highlighter <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8873 MEDIUM
Content Slideshow <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8872 MEDIUM
Animate Your Content <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8871 MEDIUM
Formidable Kinetic <= 1.1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
Details
Vulnerabilities 44,736
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits