CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,062 vulnerabilities with CWE-79
CVE-2025-62913 MEDIUM
Opal Service <= 1.9.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-62912 MEDIUM
SiteGround Email Marketing <2.8 - XSS
CVSS 6.5
CVE-2025-62911 MEDIUM
Rock Content Rock Convert <3.0.1 - XSS
CVSS 6.5
CVE-2025-62910 MEDIUM
Video Gallery by Huzzaz <= 10.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-62907 MEDIUM
aviplugins.com Custom Post Type Attachment <3.4.6 - XSS
CVSS 6.5
CVE-2025-62905 MEDIUM
Justin Tadlock Query Posts <=0.3.2 - XSS
CVSS 6.5
CVE-2025-62904 MEDIUM
WP Geo <= 3.5.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-62903 MEDIUM
WPClever WPC Smart Messages <4.2.4 - XSS
CVSS 6.5
CVE-2025-62900 MEDIUM
Popular Posts by Webline <1.1.1 - XSS
CVSS 6.5
CVE-2025-62899 MEDIUM
Photospace Responsive <= 2.2.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-62898 MEDIUM
Links shortcode <= 1.8.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-62894 MEDIUM
magicoders ACF Recent Posts Widget <=5.9.3 - XSS
CVSS 6.5
CVE-2025-62887 MEDIUM
King Addons for Elementor <= 51.1.61 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-62885 MEDIUM
RexTheme WP VR <= 8.5.48 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-12284 MEDIUM
BLU-IC2 and BLU-IC4 Firmware <= 1.19.5 - Improper Input Validation in Web UI
CVSS 6.1
CVE-2025-55757 MEDIUM
VirtueMart component for Joomla 1.0.0-4.4.10 - Unauthenticated Reflected Cross-Site Scripting
CVSS 6.1
CVE-2025-11897 MEDIUM
The7 - Website and eCommerce Builder - XSS
CVSS 6.4
CVE-2025-12034 MEDIUM
Fast Velocity Minify <= 3.5.1 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2025-11875 MEDIUM
SpendeOnline.org <= 3.0.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-10580 MEDIUM
Widget Options <= 4.1.2 - Authenticated Stored XSS
CVSS 6.4
CVE-2025-8666 MEDIUM
Testimonial Carousel For Elementor <11.6.2 - XSS
CVSS 6.4
CVE-2025-8588 MEDIUM
Gutenberg Blocks - PublishPress Blocks <3.3.4 - XSS
CVSS 6.4
CVE-2025-8413 MEDIUM
Listeo WordPress Theme <= 2.0.8 - Authenticated Stored XSS via SoundCloud Shortcode
CVSS 6.4
CVE-2025-11238 HIGH
Watu Quiz <= 3.4.4 - Unauthenticated Stored Cross-Site Scripting via HTTP Referer Header
CVSS 7.2
CVE-2025-10737 MEDIUM
Open Source Genesis Framework <3.6.0 - XSS
CVSS 6.4