CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,062 vulnerabilities with CWE-79
CVE-2025-52743 HIGH
bobbingwide oik-privacy-policy <= 1.4.9 - XSS
CVSS 7.1
CVE-2025-52742 HIGH
Igor Benic Pets <= 1.4.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-52741 HIGH
Barry Kooij Post Connector <1.0.12 - XSS
CVSS 7.1
CVE-2025-52736 HIGH
Daman Jeet Finale Lite <= 2.20.0 - XSS
CVSS 7.1
CVE-2025-52735 HIGH
NextMove Lite <= 2.24.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-52734 HIGH
ERA404 CropRefine <= 1.2.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-49992 HIGH
ThimPress LearnPress Export Import <4.0.9 - XSS
CVSS 7.1
CVE-2025-49963 HIGH
Simple Stripe Checkout <1.1.28 - XSS
CVSS 7.1
CVE-2025-49962 HIGH
bbPress Notify <= 2.19.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-49960 MEDIUM
LeadBI Plugin for WordPress <= 1.7 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-49959 HIGH
bbPress Move Topics <= 1.1.6 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-49958 HIGH
Robokassa payment gateway for Woocommerce <= 1.8.6 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-49957 HIGH
Weboccult Technologies Pvt Ltd Email Attachment by Order Status &am...
CVSS 7.1
CVE-2025-49956 HIGH
Fade Slider <= 2.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-49955 HIGH
Rajan Vijayan WP Smart Flexslider <2.6 - XSS
CVSS 7.1
CVE-2025-49954 HIGH
mithra62 WP-Click-Tracker <=0.7.3 - XSS
CVSS 7.1
CVE-2025-49953 HIGH
ShareBang, Ultimate Social Share Buttons for WordPress <= 1.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-49951 HIGH
wpcrunch gAppointments <= 1.14.1 - XSS
CVSS 7.1
CVE-2025-49948 HIGH
WP Super Edit <= 2.5.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-49947 HIGH
extendons WooCommerce Registration Fields Plugin - Custom Signup Fi...
CVSS 7.1
CVE-2025-49946 HIGH
Cynob IT Consultancy Auto Login After Registration <=1.0.0 - XSS
CVSS 7.1
CVE-2025-49945 HIGH
kylegetson Shortcode Generator <=1.1 - XSS
CVSS 7.1
CVE-2025-49944 HIGH
WPCode Content Ratio <= 2.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-49940 MEDIUM
ThemeFusion Fusion Builder <=3.13.2 - XSS
CVSS 6.5
CVE-2025-49939 MEDIUM
CrocoBlock JetElements For Elementor <= 2.7.8 - XSS
CVSS 6.5
Details
Vulnerabilities 45,062
Exploit Likelihood High