CWE-79

Exploit likelihood: High

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,133 vulnerabilities with CWE-79
CVE-2025-57920 MEDIUM
CK MacLeod Category Featured Images Extended <1.52 - XSS
CVSS 5.9
CVE-2025-57913 MEDIUM
eleopard Behance Portfolio Manager <1.7.4 - XSS
CVSS 6.5
CVE-2025-57912 MEDIUM
Dialogity Free Live Chat <1.0.3 - XSS
CVSS 5.9
CVE-2025-57911 MEDIUM
WPFactory Adverts <= 1.4 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-57910 MEDIUM
AnyClip Luminous Studio <= 1.3.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-57908 MEDIUM
ProWCPlugins Product Time Countdown <1.6.4 - XSS
CVSS 5.9
CVE-2025-57906 MEDIUM
Epeken All Kurir <= 2.0.6 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-57904 MEDIUM
WP-EXPERTS.IN Sales Count Manager - WooCommerce <2.5 - XSS
CVSS 5.9
CVE-2025-57903 MEDIUM
WPSuperiors Developer WooCommerce Additional Fees On Checkout - XSS
CVSS 5.9
CVE-2025-57900 MEDIUM
GutenKit <= 2.4.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-57898 MEDIUM
Jose Vega WP Frontend Admin <1.22.6 - XSS
CVSS 6.5
CVE-2025-55887 MEDIUM
ARD GEC En Ligne - transactionID Cross-Site Scripting
CVSS 6.1
CVE-2025-53570 MEDIUM
DELUCKS SEO <= 2.7.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-53469 MEDIUM
BMI Adult & Kid Calculator <1.2.2 - XSS
CVSS 5.9
CVE-2025-53467 MEDIUM
Login-Logout <= 3.8 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-53466 MEDIUM
CodeSolz Better Find and Replace <1.7.6 - XSS
CVSS 5.9
CVE-2025-53464 MEDIUM
Ironikus WP Mailto Links <3.1.4 - XSS
CVSS 5.9
CVE-2025-53463 MEDIUM
HT Mega - Absolute Addons for WPBakery Page Builder <1.0.9 - XSS
CVSS 6.5
CVE-2025-53462 MEDIUM
SAPO Feed <= 2.4.2 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-53460 MEDIUM
Syed Balkhi AffiliateWP - External Referral Links <1.2.0 - XSS
CVSS 5.9
CVE-2025-53458 MEDIUM
Goracash <= 1.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-53455 MEDIUM
CashBill CashBill.pl - WooCommerce <3.2.1 - XSS
CVSS 5.9
CVE-2025-53454 MEDIUM
Rustaurius Ultimate WP Mail <1.3.8 - XSS
CVSS 6.5
CVE-2025-52367 MEDIUM
PivotX CMS 3.0.0 RC 3 - Stored Cross-Site Scripting via Subtitle Field
CVSS 5.4
CVE-2025-55888 HIGH
ARD GEC En Ligne - Ajax accountName Cross-Site Scripting
CVSS 7.3