CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,062 vulnerabilities with CWE-79
CVE-2025-62987 MEDIUM
Builderall Builder for WordPress <= 3.0.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-62985 MEDIUM
llamaman Simple Pull Quote <= 1.6.3 - XSS
CVSS 6.5
CVE-2025-62984 MEDIUM
WP AdCenter <= 2.6.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-62983 MEDIUM
Sudar Muthu Posts By Tag <= 3.2.1 - XSS
CVSS 6.5
CVE-2025-62982 MEDIUM
Sarah Giles Dynamic User Directory <= 2.3 - XSS
CVSS 5.9
CVE-2025-62974 MEDIUM
CoSchedule Headline Analyzer <=1.3.7 - XSS
CVSS 6.5
CVE-2025-62971 MEDIUM
CrestaProject Attesa Extra <=1.4.5 - XSS
CVSS 6.5
CVE-2025-62969 MEDIUM
XLPlugins NextMove Lite <2.21.0 - XSS
CVSS 6.5
CVE-2025-62968 MEDIUM
Sayan Datta WP Last Modified Info <1.9.3 - XSS
CVSS 6.5
CVE-2025-62967 MEDIUM
DirectoryPress <= 3.6.25 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-62963 MEDIUM
Estatik <= 4.3.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-62951 MEDIUM
icc0rz Interactive Content - H5P <= 1.16.0 - XSS
CVSS 6.5
CVE-2025-62949 MEDIUM
BuddyDev Activity Plus Reloaded - XSS
CVSS 6.5
CVE-2025-62948 MEDIUM
Date counter <= 2.0.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-62943 MEDIUM
Matt McInvale Next Page, Not Next Post <0.3.0 - XSS
CVSS 6.5
CVE-2025-62942 MEDIUM
tempranova WP Mapbox GL JS Maps <3.0.1 - XSS
CVSS 6.5
CVE-2025-62941 MEDIUM
dFactory Events Maker <1.6.14 - XSS
CVSS 6.5
CVE-2025-62940 MEDIUM
Blox Lite <= 1.2.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-62939 MEDIUM
artiss-currency-converter <= 1.5.0 - XSS
CVSS 6.5
CVE-2025-62937 MEDIUM
Johnny Post List Featured Image <0.5.9 - XSS
CVSS 6.5
CVE-2025-62930 MEDIUM
MapSVG <= 8.7.22 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-62923 MEDIUM
Debuggers Studio Marquee Addons for Elementor <=3.7.12 - XSS
CVSS 6.5
CVE-2025-62921 MEDIUM
Pagup Bulk Auto Image Title Attribute <= 2.0.1 - XSS
CVSS 6.5
CVE-2025-62920 MEDIUM
USERCENTRICS CMP <= 1.0.9 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-62917 MEDIUM
Jamel.Z Tooltipy <= 5.5.9 - Stored Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities 45,062
Exploit Likelihood High