CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,128 vulnerabilities with CWE-79
CVE-2025-59586 MEDIUM
PenciDesign Penci Portfolio <3.5 - XSS
CVSS 6.5
CVE-2025-59585 MEDIUM
PenciDesign Penci Recipe <4.0 - XSS
CVSS 6.5
CVE-2025-59584 MEDIUM
PenciDesign Penci Podcast <1.6 - XSS
CVSS 6.5
CVE-2025-59583 MEDIUM
PenciDesign Penci Filter Everything - XSS
CVSS 6.5
CVE-2025-59574 MEDIUM
WP Travel Engine <= 1.4.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-59569 MEDIUM
CubeWP <= 1.1.26 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-59565 MEDIUM
WP Swings Upsell Order Bump Offer for WooCommerce <3.0.7 - XSS
CVSS 6.5
CVE-2025-59553 MEDIUM
Coderz Studio Custom iFrame for Elementor <1.0.14 - XSS
CVSS 6.5
CVE-2025-59552 MEDIUM
Save as PDF <= 4.5.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-59549 MEDIUM
GetResponse Forms <= 2.6.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-59430 HIGH
meshconnect web-link-sdk < 3.3.2 - Cross-Site Scripting via createLink.openLink URL Protocol
CVSS 8.2
CVE-2025-58992 MEDIUM
impleCode Product Catalog <1.8.2 - XSS
CVSS 6.5
CVE-2025-58974 MEDIUM
StellarWP WPComplete <2.9.5.2 - XSS
CVSS 6.5
CVE-2025-58965 MEDIUM
Agency Dominion Inc. Fusion Page Builder - XSS
CVSS 6.5
CVE-2025-58960 MEDIUM
brijeshk89 IP Based Login <2.4.3 - XSS
CVSS 5.9
CVE-2025-58704 MEDIUM
Ren Ventura WP Delete User Accounts <1.2.4 - XSS
CVSS 6.5
CVE-2025-58703 MEDIUM
Skyword API Plugin <= 2.5.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58702 MEDIUM
WebWizards MarketKing <2.0.92 - XSS
CVSS 6.5
CVE-2025-58691 MEDIUM
Genesis Club Lite <= 1.17 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58689 MEDIUM
Tapfiliate <= 3.2.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58684 MEDIUM
Themepoints Logo Showcase <3.0.9 - XSS
CVSS 6.5
CVE-2025-58683 MEDIUM
Last Updated Shortcode <1.0.1 - XSS
CVSS 6.5
CVE-2025-58682 MEDIUM
Kama Click Counter <= 4.0.4 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58671 HIGH
Morganrichards Auction Feed <1.1.3 - XSS
CVSS 7.1
CVE-2025-58669 MEDIUM
Modern Minds Magento 2 WordPress Integration - XSS
CVSS 5.9
Details
Vulnerabilities 45,128
Exploit Likelihood High