CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,028 vulnerabilities with CWE-79
CVE-2025-12711
MEDIUM
WordPress Share to Google Classroom <1.0 - XSS
CVSS 6.4
CVE-2025-12672
MEDIUM
Flickr Show <= 1.5 - Authenticated Stored Cross-Site Scripting via div_height Parameter
CVSS 6.4
CVE-2025-12671
MEDIUM
WP-Iconics <= 0.0.4 - Authenticated Stored Cross-Site Scripting via Shortcode Parameters
CVSS 6.4
CVE-2025-12668
MEDIUM
WP Count Down Timer <= 1.0.1 - Authenticated Stored Cross-Site Scripting via Shortcode Parameters
CVSS 6.4
CVE-2025-12667
MEDIUM
GitHub Gist Shortcode Plugin <0.3 - XSS
CVSS 6.4
CVE-2025-12663
MEDIUM
Jeba Cute forkit <= 1.0 - Authenticated Stored Cross-Site Scripting via 'text' Parameter
CVSS 6.4
CVE-2025-12662
MEDIUM
Coon Google Maps < 1.0 - Authenticated Stored Cross-Site Scripting via Map Shortcode Height Parameter
CVSS 6.4
CVE-2025-12658
MEDIUM
WordPress Preload Current Images <1.3 - XSS
CVSS 6.4
CVE-2025-12652
MEDIUM
Ungapped Widgets <= 1 - Authenticated Stored Cross-Site Scripting via Prefillvalues Parameter
CVSS 6.4
CVE-2025-12651
MEDIUM
Live Photos on WordPress <= 0.1 - Authenticated Stored Cross-Site Scripting via Shortcode Parameters
CVSS 6.4
CVE-2025-12644
MEDIUM
Nonaki WordPress Plugin <=1.0.11 - Authenticated Stored XSS via 'nonaki' Shortcode
CVSS 6.4
CVE-2025-12632
MEDIUM
RandomQuotr <= 1.0.4 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 5.5
CVE-2025-12631
MEDIUM
Squirrels Auto Inventory <1.0.3 - XSS
CVSS 4.4
CVE-2025-12538
MEDIUM
Fleet Manager <= 2.5.1 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2025-12021
MEDIUM
WP-OAuth <= 0.4.1 - Unauthenticated Reflected Cross-Site Scripting via Error Description Parameter
CVSS 6.1
CVE-2025-12020
MEDIUM
Double the Donation WordPress <2.0.0 - XSS
CVSS 4.9
CVE-2025-12019
MEDIUM
Featured Image <= 2.1 - Authenticated Stored Cross-Site Scripting via Image Metadata
CVSS 4.4
CVE-2025-11882
MEDIUM
Simple Donate <= 1.0 - Authenticated Stored Cross-Site Scripting via simpledonate Shortcode
CVSS 6.4
CVE-2025-11873
MEDIUM
WP BBCode <= 1.8.1 - Authenticated Stored Cross-Site Scripting via URL Shortcode
CVSS 6.4
CVE-2025-11869
MEDIUM
Precise Columns <= 1.0 - Authenticated Stored Cross-Site Scripting via wrap_id Shortcode Attribute
CVSS 6.4
CVE-2025-11863
MEDIUM
My Geo Posts Free <= 1.2 - Authenticated Stored Cross-Site Scripting via 'mygeo_city' Shortcode
CVSS 6.4
CVE-2025-11860
MEDIUM
Twitter Feed < 1.3.1 - Authenticated Stored Cross-Site Scripting via 'ottwitter_feed' Shortcode Parameters
CVSS 6.4
CVE-2025-11859
MEDIUM
Paypal Donation Shortcode <0.1 - XSS
CVSS 6.4
CVE-2025-11856
MEDIUM
Eventbee Ticketing Widget <1.0 - XSS
CVSS 6.4
CVE-2025-11829
MEDIUM
Five9 Live Chat <= 1.1.2 - Authenticated Stored Cross-Site Scripting via Shortcode Toolbar Attribute
CVSS 6.4
Details
Vulnerabilities: 45,028
Exploit Likelihood: High