CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,062 vulnerabilities with CWE-79
CVE-2025-49938
MEDIUM
CrocoBlock JetEngine <= 3.7.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-49936
MEDIUM
WoodMart < 8.3.2 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-49934
MEDIUM
CrocoBlock JetBlocks For Elementor <= 1.3.18 - XSS
CVSS 6.5
CVE-2025-49933
MEDIUM
CrocoBlock JetBlog <= 2.4.4 - Reflected Cross-Site Scripting
CVSS 6.5
CVE-2025-49932
MEDIUM
CrocoBlock JetBlog <= 2.4.4.1 - XSS
CVSS 6.5
CVE-2025-49930
HIGH
CrocoBlock JetSearch <= 3.5.10 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-49929
MEDIUM
Ultimate Blocks <= 3.3.6 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-49928
MEDIUM
CrocoBlock JetWooBuilder <= 2.1.20 - XSS
CVSS 6.5
CVE-2025-49927
MEDIUM
CrocoBlock JetWooBuilder <= 2.1.20.1 - XSS
CVSS 6.5
CVE-2025-49923
MEDIUM
Seriously Simple Podcasting <= 3.11.1 - DOM-Based Cross-Site Scripting
CVSS 5.9
CVE-2025-49912
MEDIUM
Nks Email Subscription Popup <=1.2.26 - XSS
CVSS 5.9
CVE-2025-49911
HIGH
WooCommerce Vehicle Parts Finder <= 3.7 - XSS
CVSS 7.1
CVE-2025-49908
MEDIUM
WPClever WPC Countdown Timer for WooCommerce <= 3.1.4 - XSS
CVSS 6.5
CVE-2025-48098
HIGH
Ays Pro Survey Maker <=5.1.8.8 - XSS
CVSS 7.1
CVE-2025-48097
HIGH
WSAnalytics <= 1.1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-48095
MEDIUM
Ays Pro Survey Maker <5.1.8.8 - XSS
CVSS 5.9
CVE-2025-48093
HIGH
Calvaweb Password only login <= 0.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-48092
HIGH
Fix Multiple Redirects <=1.2.3 - XSS
CVSS 7.1
CVE-2025-39534
HIGH
Somonator Terms Dictionary <=1.5.1 - XSS
CVSS 7.1
CVE-2025-11966
MEDIUM
Eclipse Vert.x 4.0.0-4.5.21 and 5.0.0-5.0.4 - Stored Cross-Site Scripting via Directory Listing Filename Injection
CVSS 6.4
CVE-2025-8848
MEDIUM
librechat 0.7.9 - HTML Injection via Accept-Language Header
CVSS 5.4
CVE-2025-11952
MEDIUM
Oct8ne Chatbot 2.3 - Stored Cross-Site Scripting via Transcript Email
CVSS 6.1
CVE-2025-11883
MEDIUM
Responsive Progress Bar <= 1.0 - Authenticated Stored Cross-Site Scripting via rprogress Shortcode
CVSS 6.4
CVE-2025-11880
MEDIUM
SM CountDown Widget <= 1.2 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-11878
MEDIUM
ST Categories Widget <= 1.0.0 - Authenticated Stored Cross-Site Scripting via st-categories Shortcode
CVSS 6.4
Details
Vulnerabilities
45,062
Exploit Likelihood
High