CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,133 vulnerabilities with CWE-79
CVE-2025-58254 MEDIUM
dtbaker StylePress for Elementor <1.2.1 - XSS
CVSS 6.5
CVE-2025-58253 MEDIUM
Rameez Iqbal Real Estate Manager <7.3 - XSS
CVSS 6.5
CVE-2025-58248 MEDIUM
Pinterest Pinboard Widget <1.0.8 - XSS
CVSS 6.5
CVE-2025-58245 MEDIUM
bestweblayout Portfolio <2.58 - XSS
CVSS 5.9
CVE-2025-58242 MEDIUM
Vadim Bogaiskov Bg Church Memos - XSS
CVSS 6.5
CVE-2025-58241 MEDIUM
SnapWidget Social Photo Feed Widget <1.1.0 - XSS
CVSS 6.5
CVE-2025-58240 MEDIUM
Michel - xiligroup dev xili-tidy-tags <1.12.06 - XSS
CVSS 6.5
CVE-2025-58239 MEDIUM
Chandrika Sista WP Category Dropdown <1.9 - XSS
CVSS 6.5
CVE-2025-58238 MEDIUM
ONTRAPORT PilotPress <= 2.0.36 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58237 MEDIUM
Niaj Morshed LC Wizard <1.3.0 - XSS
CVSS 6.5
CVE-2025-58235 MEDIUM
Rustaurius Front End Users <3.2.33 - XSS
CVSS 6.5
CVE-2025-58234 MEDIUM
JoomSky JS Job Manager <= 2.0.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58233 MEDIUM
Guaven Labs SQL Chart Builder <2.3.7.2 - XSS
CVSS 6.5
CVE-2025-58232 MEDIUM
Image Editor by Pixo <= 2.3.8 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-58231 MEDIUM
Bitly <= 2.8.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58230 MEDIUM
bdthemes ZoloBlocks <= 2.3.12 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-58229 MEDIUM
webvitaly Sitekit <= 2.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58228 MEDIUM
ShapedPlugin LLC Quick View for WooCommerce <2.2.16 - XSS
CVSS 6.5
CVE-2025-58227 MEDIUM
Podlove Subscribe button <= 1.3.11 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58223 MEDIUM
VoucherPress <= 1.5.7 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-58220 MEDIUM
Techeshta Card Elements for WPBakery <1.0.8 - XSS
CVSS 6.5
CVE-2025-58033 MEDIUM
Draft <= 3.0.9 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-58031 MEDIUM
Nextend Facebook Connect <3.1.19 - XSS
CVSS 6.5
CVE-2025-58030 MEDIUM
webvitaly Page-list <= 5.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58028 MEDIUM
Aum Watcharapon Designil PDPA Thailand <2.0 - XSS
CVSS 6.5
Details
Vulnerabilities 45,133
Exploit Likelihood High