CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,137 vulnerabilities with CWE-79
CVE-2025-9057 MEDIUM
Biagiotti Core <= 2.1.3 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-53307 HIGH
Beaver Builder WordPress Assistant <= 1.5.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-48105 MEDIUM
Vincent Boiardt Easy Flash Embed - XSS
CVSS 6.5
CVE-2025-48103 MEDIUM
mulscully Today's Date Inserter <1.2.1 - XSS
CVSS 6.5
CVE-2025-48102 MEDIUM
GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership <= 1.6.6 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-8695 MEDIUM
Netcad NetGIS Server <22.08.2025 - XSS
CVSS 5.4
CVE-2025-58887 MEDIUM
Course Booking Platform <= 1.0.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58886 MEDIUM
Tan Nguyen Instant Locations <1.0 - XSS
CVSS 5.9
CVE-2025-58884 MEDIUM
Ivan Drago vipdrv <= 1.0.3 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-58883 MEDIUM
Thomas Harris Search Cloud One - XSS
CVSS 5.9
CVE-2025-58882 MEDIUM
w1zzard Simple Text Slider <1.0.5 - XSS
CVSS 6.5
CVE-2025-58880 MEDIUM
reubenthiessen Translate This gTranslate Shortcode <1.0 - XSS
CVSS 6.5
CVE-2025-58876 MEDIUM
Aparat Video Shortcode <0.2.4 - XSS
CVSS 6.5
CVE-2025-58875 MEDIUM
WP Github Gist <= 0.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58874 MEDIUM
StoryMap <= 2.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-58873 MEDIUM
Pushe Web Push Notification <0.5.0 - XSS
CVSS 5.9
CVE-2025-58871 MEDIUM
Luis Rock Master Paper Collapse Toggle - XSS
CVSS 6.5
CVE-2025-58870 MEDIUM
WP-GraphViz <= 1.5.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-58868 MEDIUM
SimaCookie <= 1.3.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58867 MEDIUM
Remi Corson Easy Download Media Counter <1.2 - XSS
CVSS 6.5
CVE-2025-58864 MEDIUM
iamroody <1.0 - XSS
CVSS 6.5
CVE-2025-58863 MEDIUM
SdeWijs Zoomify embed for WP <1.5.2 - XSS
CVSS 6.5
CVE-2025-58862 MEDIUM
George Sexton WordPress Events Calendar Plugin - connectDaily <1.5....
CVSS 6.5
CVE-2025-58858 MEDIUM
WPBean WPB Image Widget <= 1.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-58857 HIGH
KaizenCoders Table of content <1.5.3.1 - XSS
CVSS 7.1
Details
Vulnerabilities 45,137
Exploit Likelihood High