CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,128 vulnerabilities with CWE-79
CVE-2025-60157 MEDIUM
WP Ticket Customer Service Software & Support Ticket System <6.0.2 ...
CVSS 6.5
CVE-2025-60154 MEDIUM
Jennifer Moss MWW Disclaimer Buttons <= 3.41 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-60149 MEDIUM
Notely <= 1.8.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-60147 MEDIUM
HT Feed <= 1.3.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-60146 MEDIUM
Amit Verma Map Categories to Pages <1.3.2 - XSS
CVSS 5.9
CVE-2025-60144 MEDIUM
Lenix scss compiler <= 1.2 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-60142 MEDIUM
DaganLev Simple Meta Tags <1.5 - XSS
CVSS 6.5
CVE-2025-60141 MEDIUM
The Tribal <= 1.3.3 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-60138 MEDIUM
SKT Blocks <= 2.6 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-60136 MEDIUM
User Notes <= 1.0.2 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-60133 MEDIUM
DJ-Extensions.com PE Easy Slider <1.1.0 - XSS
CVSS 5.9
CVE-2025-60124 MEDIUM
Ryan Hellyer Simple Colorbox <1.6.1 - XSS
CVSS 6.5
CVE-2025-60112 MEDIUM
aThemes Addons for Elementor <1.1.3 - XSS
CVSS 6.5
CVE-2025-60105 MEDIUM
metaphorcreations Ditty <3.1.58 - XSS
CVSS 6.5
CVE-2025-60104 MEDIUM
Jordy Meow Gallery Custom Links <2.2.5 - XSS
CVSS 5.9
CVE-2025-60102 MEDIUM
WPFront User Role Editor <4.2.3 - XSS
CVSS 6.5
CVE-2025-60101 MEDIUM
Woostify <= 2.4.2 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-60099 MEDIUM
awsm.in Embed Any Document <2.7.7 - XSS
CVSS 6.5
CVE-2025-60040 MEDIUM
wp-mpdf <= 3.9.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-59012 HIGH
Traveler < 3.2.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-58917 MEDIUM
Quantities and Units for WooCommerce <1.0.13 - XSS
CVSS 6.5
CVE-2025-4957 HIGH
Metagauss ProfileGrid <5.9.5.7 - XSS
CVSS 7.1
CVE-2025-48107 HIGH
Uncode < 2.9.4.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-27006 MEDIUM
Authorsy <= 1.0.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-10490 MEDIUM
Zephyr Project Manager <3.3.202 - XSS
CVSS 4.4
Details
Vulnerabilities 45,128
Exploit Likelihood High