CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,139 vulnerabilities with CWE-79
CVE-2025-49893
HIGH
liseperu Elizaibots <1.0.2 - XSS
CVSS 7.1
CVE-2025-49428
HIGH
Dourou Cookie Warning < 1.3 - Stored Cross-Site Scripting
CVSS 7.5
CVE-2025-49424
HIGH
Essential Doo Components for Visual Composer <1.9 - XSS
CVSS 7.1
CVE-2025-49420
HIGH
Markup Markdown <3.20.6 - XSS
CVSS 7.1
CVE-2025-49413
HIGH
Wishloop Terms of Service & Privacy Policy Generator - XSS
CVSS 7.1
CVE-2025-49412
MEDIUM
numixtech Page Transition <1.3 - XSS
CVSS 5.9
CVE-2025-49411
HIGH
Vikas Sharma iFrame Block <0.1.1 - XSS
CVSS 7.1
CVE-2025-49410
CRITICAL
Imran Emu TC Testimonials <1.1.1. - XSS
CVSS 10.0
CVE-2025-49409
CRITICAL
brewlabs SensorPress < 1.0 - Stored Cross-Site Scripting
CVSS 9.8
CVE-2025-49400
CRITICAL
osama.esh WP Visitor Statistics <8.2 - XSS
CVSS 9.8
CVE-2025-49397
MEDIUM
Noor Alam Colorbox Lightbox <1.1.5 - XSS
CVSS 6.5
CVE-2025-49395
MEDIUM
Themify Icons <= 2.0.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-49392
MEDIUM
Themify Audio Dock <= 2.0.5 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-49389
MEDIUM
WEN Solutions Notice Bar <3.1.3 - XSS
CVSS 6.5
CVE-2025-48297
HIGH
quantumcloud Simple Link Directory - XSS
CVSS 7.1
CVE-2025-48296
HIGH
UpStore <= 1.7.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-48170
HIGH
LambertGroup Universal Video Player <3.2.1 - XSS
CVSS 7.1
CVE-2025-48168
HIGH
Apollo - Sticky Full Width HTML5 Audio Player <= 3.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-48163
HIGH
SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support <= 3.5.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-48162
HIGH
quantumcloud Simple Business Directory Pro <15.5.1 - XSS
CVSS 7.1
CVE-2025-48159
HIGH
LambertGroup YouTube Vimeo Video Player & Slider WP Plugin <3.8 - XSS
CVSS 7.1
CVE-2025-48154
HIGH
LambertGroup Multimedia Playlist Slider Addon - XSS
CVSS 7.1
CVE-2025-48152
HIGH
Rentsyst <= 2.0.100 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-48151
HIGH
CM Map Locations <= 2.1.6 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-28977
HIGH
ThimPress WP Pipes <= 1.4.3 - Reflected Cross-Site Scripting
CVSS 7.1
Details
Vulnerabilities
45,139
Exploit Likelihood
High