CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,141 vulnerabilities with CWE-79
CVE-2025-53582
MEDIUM
WordLift <= 3.54.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-53581
MEDIUM
artiosmedia RSS Feed Pro <1.1.8 - XSS
CVSS 5.9
CVE-2025-53575
HIGH
Primer MyData for Woocommerce <4.2.5 - XSS
CVSS 7.1
CVE-2025-53342
MEDIUM
GoodLayers Modernize <= 3.4.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-53330
MEDIUM
WP Rentals <= 3.16.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-52771
MEDIUM
Video Expander <= 1.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-52335
MEDIUM
EyouCMS 1.7.3 - Cross-Site Scripting in index.php
CVSS 6.1
CVE-2025-20235
MEDIUM
Cisco Secure Firewall Management Center - XSS
CVSS 6.1
CVE-2025-53631
MEDIUM
flaskBlog < 2.8.1 - Stored Cross-Site Scripting via Post Content
CVSS 5.4
CVE-2025-54706
MEDIUM
Noor Alam Magical Posts Display <1.2.52 - XSS
CVSS 6.5
CVE-2025-54704
MEDIUM
hashthemes Easy Elementor Addons <2.2.6 - XSS
CVSS 6.5
CVE-2025-54699
MEDIUM
Masteriyo - LMS <= 1.18.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-54696
MEDIUM
WPFunnels <= 3.5.26 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-54688
MEDIUM
Crocoblock JetEngine <3.7.1.2 - XSS
CVSS 6.5
CVE-2025-54687
MEDIUM
Crocoblock JetTabs <= 2.2.9.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-54684
MEDIUM
Integration for Contact Form 7 and Constant Contact <= 1.1.7 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-54683
MEDIUM
Astoundify WP Modal Popup <2.4 - XSS
CVSS 5.9
CVE-2025-54680
MEDIUM
Sparkle Themes Blogger Buzz <1.2.6 - XSS
CVSS 6.5
CVE-2025-54676
MEDIUM
vcita Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-54668
MEDIUM
myCred <= 2.9.4.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-52788
HIGH
Russell Jamieson CaptionPix <1.8 - XSS
CVSS 7.1
CVE-2025-52730
MEDIUM
themefunction WordPress Event Manager <4.0.24 - XSS
CVSS 6.5
CVE-2025-50040
MEDIUM
moshensky CF7 Spreadsheets <2.3.2 - XSS
CVSS 6.5
CVE-2025-49437
MEDIUM
WP LOL Rotation <= 1.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-49433
MEDIUM
Supermalink <= 1.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities
45,141
Exploit Likelihood
High