CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,133 vulnerabilities with CWE-79
CVE-2025-57973 MEDIUM
Chad Butler WP-Members <3.5.4.2 - XSS
CVSS 5.5
CVE-2025-57968 HIGH
VikRestaurants Table Reservations and Take-Away <= 1.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-57967 MEDIUM
WPBean WPB Quick View for WooCommerce <2.1.8 - XSS
CVSS 6.5
CVE-2025-57966 MEDIUM
GhozyLab Gallery Lightbox <1.0.0.41 - XSS
CVSS 6.5
CVE-2025-57965 MEDIUM
WP Proposals < 2.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-57964 MEDIUM
photonicgnostic Library Bookshelves <5.11 - XSS
CVSS 6.5
CVE-2025-57963 MEDIUM
Zoho Billing <= 4.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-57962 MEDIUM
VikRestaurants Table Reservations and Take-Away < 1.4 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-57959 MEDIUM
tmatsuur Slightly troublesome permalink <1.2.0 - XSS
CVSS 5.9
CVE-2025-57956 MEDIUM
WooMS <= 9.12 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-57954 MEDIUM
Ays Pro Poll Maker <= 6.0.2 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-57953 MEDIUM
Open User Map <= 1.4.14 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-57952 MEDIUM
Maps for WP <= 1.2.5 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-57951 MEDIUM
ken107 SiteNarrator Text-to-Speech Widget <1.9 - XSS
CVSS 5.9
CVE-2025-57950 MEDIUM
Glen Scott Plugin Security Scanner <2.0.2 - XSS
CVSS 5.9
CVE-2025-57948 MEDIUM
e-plugins Directory Pro <2.5.5 - XSS
CVSS 6.5
CVE-2025-57947 MEDIUM
Photo Gallery by Ays <= 6.3.8 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-57945 MEDIUM
cedcommerce WP Advanced PDF <1.1.7 - XSS
CVSS 5.9
CVE-2025-57941 MEDIUM
JonathanMH Append Link on Copy <0.2 - XSS
CVSS 5.9
CVE-2025-57940 MEDIUM
Suresh Kumar Mukhiya Append <1.1.2 - XSS
CVSS 5.9
CVE-2025-57938 MEDIUM
themewant Easy Hotel Booking <1.6.9 - XSS
CVSS 6.5
CVE-2025-57935 MEDIUM
Bot Block - Stop Spam Referrals in Google Analytics <= 2.6 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-57932 MEDIUM
PowerFolio <= 3.2.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-57929 MEDIUM
kanwei_doublethedonation <2.0.0 - XSS
CVSS 5.9
CVE-2025-57926 MEDIUM
WP Chill Passster <= 4.2.18 - Stored Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities 45,133
Exploit Likelihood High