CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,747 vulnerabilities with CWE-79
CVE-2026-8891 MEDIUM
BitForm <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8887 MEDIUM
Listen Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8886 MEDIUM
hk_shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute
CVSS 6.4
CVE-2026-8884 MEDIUM
Instant-Quote.co Quotation Page <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8877 MEDIUM
Responsive Video Embedder <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8875 MEDIUM
Easy Prism Syntax Highlighter <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8873 MEDIUM
Content Slideshow <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8872 MEDIUM
Animate Your Content <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8871 MEDIUM
Formidable Kinetic <= 1.1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8870 MEDIUM
Team Master <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8869 MEDIUM
Mutual Funds Data <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute
CVSS 6.4
CVE-2026-8868 MEDIUM
Single Mailchimp <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8867 MEDIUM
Post Categories Gallery <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8866 MEDIUM
jQuery googleslides <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8847 MEDIUM
Dideo <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8846 MEDIUM
Tuxquote <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8845 MEDIUM
Islamic Database <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8844 MEDIUM
Responsive Check <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8842 MEDIUM
Google+ Link Name <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8837 MEDIUM
WP Iframe Geo Style for Amazon affiliates <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'adid' Shortcode Attribute
CVSS 6.4
CVE-2026-8707 MEDIUM
NS Product icon badge <= 1.2.4 - Reflected Cross-Site Scripting via PHP_SELF
CVSS 6.1
CVE-2026-8703 MEDIUM
Endless Scroll <= 1.0.0 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')]
CVSS 6.4
CVE-2026-8702 MEDIUM
GBI To Print <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'div' Shortcode Attribute
CVSS 6.4
CVE-2026-8701 MEDIUM
GNTT Post Title Ticker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2026-8698 MEDIUM
Cryptocurrency Prijsvergelijking Widget <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'width' Shortcode Attribute
CVSS 6.4
Details
Vulnerabilities 44,747
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits