CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,133 vulnerabilities with CWE-79
CVE-2025-58027 MEDIUM
wpo-HR NGG Smart Image Search <3.4.3 - XSS
CVSS 6.5
CVE-2025-58026 MEDIUM
Termageddon: Cookie Consent & Privacy Compliance <= 1.8.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58025 MEDIUM
Master Slider <= 3.11.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58023 MEDIUM
akdevs Genealogical Tree <2.2.5 - XSS
CVSS 6.5
CVE-2025-58022 MEDIUM
ShortCode <= 0.8.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58021 MEDIUM
douglaskarr List Child Pages Shortcode <1.3.1 - XSS
CVSS 6.5
CVE-2025-58020 MEDIUM
Theater for WordPress <0.18.8 - XSS
CVSS 6.5
CVE-2025-58019 MEDIUM
Search Atlas SEO <= 2.5.4 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58018 MEDIUM
Richard Leishman Mail Subscribe List <2.1.10 - XSS
CVSS 6.5
CVE-2025-58017 MEDIUM
Ultimate Store Kit Elementor Addons <2.8.2 - XSS
CVSS 6.5
CVE-2025-58008 MEDIUM
xnau webdesign Participants Database <2.7.6.3 - XSS
CVSS 6.5
CVE-2025-58002 MEDIUM
GD bbPress Tools <= 3.5.3 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-58001 MEDIUM
Noumaan Yaqoob Compact Archives <4.1.0 - XSS
CVSS 6.5
CVE-2025-57999 MEDIUM
WPKoi Templates for Elementor <3.4.1 - XSS
CVSS 6.5
CVE-2025-57998 MEDIUM
E-namad & Shamed Logo Manager - XSS
CVSS 5.9
CVE-2025-57996 MEDIUM
Buckets <= 0.3.9 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-57993 MEDIUM
Benjamin Pick Geolocation IP Detection <5.5.0 - XSS
CVSS 6.5
CVE-2025-57989 MEDIUM
Brajesh Singh WordPress Widgets Shortcode <1.0.3 - XSS
CVSS 6.5
CVE-2025-57988 MEDIUM
Uncanny Owl Uncanny Toolkit for LearnDash <3.0.7.3 - XSS
CVSS 6.5
CVE-2025-57986 MEDIUM
WP Subtitle <= 3.4.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-57982 MEDIUM
WPBean Advance Portfolio Grid <1.07.6 - XSS
CVSS 5.9
CVE-2025-57981 MEDIUM
WP Social Widget <= 2.3.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-57980 MEDIUM
Tomas Cordero Safety Exit <1.8.0 - XSS
CVSS 5.9
CVE-2025-57979 MEDIUM
AuthorSure <= 2.3 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-57974 MEDIUM
TZ PlusGallery <= 1.5.5 - Stored Cross-Site Scripting
CVSS 5.9
Details
Vulnerabilities 45,133
Exploit Likelihood High