CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,062 vulnerabilities with CWE-79
CVE-2025-62913
MEDIUM
Opal Service <= 1.9.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-62912
MEDIUM
SiteGround Email Marketing <2.8 - XSS
CVSS 6.5
CVE-2025-62911
MEDIUM
Rock Content Rock Convert <3.0.1 - XSS
CVSS 6.5
CVE-2025-62910
MEDIUM
Video Gallery by Huzzaz <= 10.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-62907
MEDIUM
aviplugins.com Custom Post Type Attachment <3.4.6 - XSS
CVSS 6.5
CVE-2025-62905
MEDIUM
Justin Tadlock Query Posts <=0.3.2 - XSS
CVSS 6.5
CVE-2025-62904
MEDIUM
WP Geo <= 3.5.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-62903
MEDIUM
WPClever WPC Smart Messages <4.2.4 - XSS
CVSS 6.5
CVE-2025-62900
MEDIUM
Popular Posts by Webline <1.1.1 - XSS
CVSS 6.5
CVE-2025-62899
MEDIUM
Photospace Responsive <= 2.2.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-62898
MEDIUM
Links shortcode <= 1.8.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-62894
MEDIUM
magicoders ACF Recent Posts Widget <=5.9.3 - XSS
CVSS 6.5
CVE-2025-62887
MEDIUM
King Addons for Elementor <= 51.1.61 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-62885
MEDIUM
RexTheme WP VR <= 8.5.48 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-12284
MEDIUM
BLU-IC2 and BLU-IC4 Firmware <= 1.19.5 - Improper Input Validation in Web UI
CVSS 6.1
CVE-2025-55757
MEDIUM
VirtueMart component for Joomla 1.0.0-4.4.10 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-11897
MEDIUM
The7 - Website and eCommerce Builder - XSS
CVSS 6.4
CVE-2025-12034
MEDIUM
Fast Velocity Minify <= 3.5.1 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2025-11875
MEDIUM
SpendeOnline.org <= 3.0.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-10580
MEDIUM
Widget Options <= 4.1.2 - Authenticated Stored XSS
CVSS 6.4
CVE-2025-8666
MEDIUM
Testimonial Carousel For Elementor <11.6.2 - XSS
CVSS 6.4
CVE-2025-8588
MEDIUM
Gutenberg Blocks - PublishPress Blocks <3.3.4 - XSS
CVSS 6.4
CVE-2025-8413
MEDIUM
Listeo WordPress Theme <= 2.0.8 - Authenticated Stored XSS via SoundCloud Shortcode
CVSS 6.4
CVE-2025-11238
HIGH
Watu Quiz <= 3.4.4 - Unauthenticated Stored Cross-Site Scripting via HTTP Referer Header
CVSS 7.2
CVE-2025-10737
MEDIUM
Open Source Genesis Framework <3.6.0 - XSS
CVSS 6.4
Details
Vulnerabilities
45,062
Exploit Likelihood
High