CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,133 vulnerabilities with CWE-79
CVE-2025-57920
MEDIUM
CK MacLeod Category Featured Images Extended <1.52 - XSS
CVSS 5.9
CVE-2025-57913
MEDIUM
eleopard Behance Portfolio Manager <1.7.4 - XSS
CVSS 6.5
CVE-2025-57912
MEDIUM
Dialogity Free Live Chat <1.0.3 - XSS
CVSS 5.9
CVE-2025-57911
MEDIUM
WPFactory Adverts <= 1.4 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-57910
MEDIUM
AnyClip Luminous Studio <= 1.3.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-57908
MEDIUM
ProWCPlugins Product Time Countdown <1.6.4 - XSS
CVSS 5.9
CVE-2025-57906
MEDIUM
Epeken All Kurir <= 2.0.6 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-57904
MEDIUM
WP-EXPERTS.IN Sales Count Manager - WooCommerce <2.5 - XSS
CVSS 5.9
CVE-2025-57903
MEDIUM
WPSuperiors Developer WooCommerce Additional Fees On Checkout - XSS
CVSS 5.9
CVE-2025-57900
MEDIUM
GutenKit <= 2.4.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-57898
MEDIUM
Jose Vega WP Frontend Admin <1.22.6 - XSS
CVSS 6.5
CVE-2025-55887
MEDIUM
ARD GEC En Ligne - transactionID Cross-Site Scripting
CVSS 6.1
CVE-2025-53570
MEDIUM
DELUCKS SEO <= 2.7.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-53469
MEDIUM
BMI Adult & Kid Calculator <1.2.2 - XSS
CVSS 5.9
CVE-2025-53467
MEDIUM
Login-Logout <= 3.8 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-53466
MEDIUM
CodeSolz Better Find and Replace <1.7.6 - XSS
CVSS 5.9
CVE-2025-53464
MEDIUM
Ironikus WP Mailto Links <3.1.4 - XSS
CVSS 5.9
CVE-2025-53463
MEDIUM
HT Mega - Absolute Addons for WPBakery Page Builder <1.0.9 - XSS
CVSS 6.5
CVE-2025-53462
MEDIUM
SAPO Feed <= 2.4.2 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-53460
MEDIUM
Syed Balkhi AffiliateWP - External Referral Links <1.2.0 - XSS
CVSS 5.9
CVE-2025-53458
MEDIUM
Goracash <= 1.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-53455
MEDIUM
CashBill CashBill.pl - WooCommerce <3.2.1 - XSS
CVSS 5.9
CVE-2025-53454
MEDIUM
Rustaurius Ultimate WP Mail <1.3.8 - XSS
CVSS 6.5
CVE-2025-52367
MEDIUM
PivotX CMS 3.0.0 RC 3 - Stored Cross-Site Scripting via Subtitle Field
CVSS 5.4
CVE-2025-55888
HIGH
ARD GEC En Ligne - Ajax accountName Cross-Site Scripting
CVSS 7.3
Details
Vulnerabilities
45,133
Exploit Likelihood
High