CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,012 vulnerabilities with CWE-79
CVE-2025-12066
MEDIUM
WP Delete Post Copies <= 6.0.2 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2025-13141
MEDIUM
HT Mega - Absolute Addons For Elementor <3.0.0 - XSS
CVSS 6.4
CVE-2025-11826
MEDIUM
WP Company Info <= 1.9.0 - Authenticated Stored Cross-Site Scripting via Social Networks Shortcode Class Attribute
CVSS 6.4
CVE-2025-11808
MEDIUM
Google Street View plugin <0.5.7 - XSS
CVSS 6.4
CVE-2025-11803
MEDIUM
WPSite Shortcode <= 1.2 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-13159
HIGH
Flo Forms - Easy Drag & Drop Form Builder <= 1.0.43 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 7.1
CVE-2025-13135
MEDIUM
HotelRunner Booking Widget <5.2.4 - XSS
CVSS 6.4
CVE-2025-12746
MEDIUM
Tainacan plugin - WordPress <1.0.0 - XSS
CVSS 6.1
CVE-2025-12661
MEDIUM
Pollcaster Shortcode Plugin - WordPress <1.0 - XSS
CVSS 6.4
CVE-2025-12660
MEDIUM
Padlet Shortcode <= 1.3 - Authenticated Stored Cross-Site Scripting via 'key' Parameter
CVSS 6.4
CVE-2025-12135
HIGH
WPBookit <= 1.0.6 - Unauthenticated Stored Cross-Site Scripting via CSS Code Parameter
CVSS 7.2
CVE-2025-11885
MEDIUM
EchBay Admin Security <= 1.3.0 - Unauthenticated Reflected Cross-Site Scripting via _ebnonce Parameter
CVSS 6.1
CVE-2025-11802
MEDIUM
Bulma Shortcodes <= 1.0 - Authenticated Stored Cross-Site Scripting via 'type' Shortcode Attribute
CVSS 6.4
CVE-2025-11801
MEDIUM
AudioTube <= 0.0.3 - Authenticated Stored Cross-Site Scripting via Caption Shortcode Attribute
CVSS 6.4
CVE-2025-11800
MEDIUM
Surbma | MiniCRM Shortcode <2.0 - XSS
CVSS 6.4
CVE-2025-11799
MEDIUM
Affiliate AI Lite <= 1.0.1 - Authenticated Stored Cross-Site Scripting via 'asin' Shortcode Attribute
CVSS 6.4
CVE-2025-11770
MEDIUM
BrightTALK WordPress Shortcode <2.4.0 - XSS
CVSS 6.4
CVE-2025-11768
MEDIUM
Islamic Phrases WordPress <2.12.2015 - XSS
CVSS 6.4
CVE-2025-11767
MEDIUM
Tips Shortcode <= 0.2.1 - Authenticated Stored Cross-Site Scripting via 'tip' Shortcode
CVSS 6.4
CVE-2025-11765
MEDIUM
Stock Tools <= 1.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-11764
MEDIUM
Shortcodes Bootstrap < 1.1 - Authenticated Stored Cross-Site Scripting via Notification Shortcode Type Parameter
CVSS 6.4
CVE-2025-11763
MEDIUM
Display Pages Shortcode < 1.1 - Authenticated Stored Cross-Site Scripting via Column Count Parameter
CVSS 6.4
CVE-2025-61949
MEDIUM
LogStare Collector < 2.4.2 - Stored Cross-Site Scripting in UserManagement
CVSS 5.4
CVE-2025-62459
HIGH
Microsoft 365 Defender Portal - Spoofing
CVSS 8.3
CVE-2025-13484
LOW
Campcodes Beauty Parlor Management System 1.0 - XSS via Name Parameter in /admin/customer-list.php
CVSS 2.4
Details
Vulnerabilities: 45,012
Exploit Likelihood: High