CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,730 vulnerabilities with CWE-79
CVE-2026-40732
HIGH
WordPress Notification for Telegram plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-39540
MEDIUM
WordPress Shipment Tracker for Woocommerce plugin <= 1.5.3.2 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-39514
HIGH
WordPress Paid Member Subscriptions plugin <= 2.17.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-39507
HIGH
WordPress Social Slider Feed plugin <= 2.3.2 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-39491
MEDIUM
WordPress JupiterX Core plugin <= 4.14.1 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-39463
HIGH
WordPress ManageWP Worker plugin <= 4.9.31 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-39451
MEDIUM
WordPress WP Google Review Slider plugin <= 18.0 - Cross Site Scripting (XSS) vulnerability
CVSS 6.3
CVE-2026-39449
HIGH
WordPress Contact Form to Any API plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-39447
HIGH
WordPress Simply Schedule Appointments plugin <= 1.6.10.6 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-39435
HIGH
WordPress CformsII plugin <= 15.1.3 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-34902
HIGH
WordPress WooCommerce Product Table Lite plugin <= 4.6.3 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-34900
HIGH
WordPress GiveWP plugin <= 4.14.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-23970
HIGH
WordPress Redirection for Contact Form 7 plugin <= 3.2.8 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-49294
MEDIUM
Valhalla has reflected XSS via unsanitized JSONP callback parameter
CVSS 6.1
CVE-2026-12202
LOW
Intelliants Subrion CMS Blocks Endpoint cross site scripting
CVSS 2.4
CVE-2026-12176
MEDIUM
SourceCodester CET Automated Grading System with AI Predictive Analytics index.php cross site scripting
CVSS 4.3
CVE-2026-5513
HIGH
Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie
CVSS 7.2
CVE-2026-9629
MEDIUM
Canvas <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' Block Attribute
CVSS 6.4
CVE-2026-3297
MEDIUM
Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Anchor Block
CVSS 6.4
CVE-2026-9134
MEDIUM
Photo Gallery BY FooGallery < 3.1.31 - XSS
CVSS 6.4
CVE-2026-9109
HIGH
GPTranslate <= 2.31 - Unauthenticated Stored Cross-Site Scripting via REST API Translation Storage
CVSS 7.2
CVE-2026-9061
LOW
Agile Store Locator < 1.6.9 - Admin+ Stored XSS via logo_name
CVSS 3.5
CVE-2026-11443
MEDIUM
Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability
CVSS 4.6
CVE-2026-53608
HIGH
@apostrophecms/seo Vulnerable to Stored XSS via Unsanitized Google Analytics / GTM ID Injected into Script Tag
CVSS 8.7
CVE-2026-54395
MEDIUM
MISP UiBeta event index reflected XSS in advanced filter popup