CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,141 vulnerabilities with CWE-79
CVE-2025-53582 MEDIUM
WordLift <= 3.54.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-53581 MEDIUM
artiosmedia RSS Feed Pro <1.1.8 - XSS
CVSS 5.9
CVE-2025-53575 HIGH
Primer MyData for Woocommerce <4.2.5 - XSS
CVSS 7.1
CVE-2025-53342 MEDIUM
GoodLayers Modernize <= 3.4.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-53330 MEDIUM
WP Rentals <= 3.16.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-52771 MEDIUM
Video Expander <= 1.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-52335 MEDIUM
EyouCMS 1.7.3 - Cross-Site Scripting in index.php
CVSS 6.1
CVE-2025-20235 MEDIUM
Cisco Secure Firewall Management Center - XSS
CVSS 6.1
CVE-2025-53631 MEDIUM
flaskBlog < 2.8.1 - Stored Cross-Site Scripting via Post Content
CVSS 5.4
CVE-2025-54706 MEDIUM
Noor Alam Magical Posts Display <1.2.52 - XSS
CVSS 6.5
CVE-2025-54704 MEDIUM
hashthemes Easy Elementor Addons <2.2.6 - XSS
CVSS 6.5
CVE-2025-54699 MEDIUM
Masteriyo - LMS <= 1.18.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-54696 MEDIUM
WPFunnels <= 3.5.26 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-54688 MEDIUM
Crocoblock JetEngine <3.7.1.2 - XSS
CVSS 6.5
CVE-2025-54687 MEDIUM
Crocoblock JetTabs <= 2.2.9.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-54684 MEDIUM
Integration for Contact Form 7 and Constant Contact <= 1.1.7 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-54683 MEDIUM
Astoundify WP Modal Popup <2.4 - XSS
CVSS 5.9
CVE-2025-54680 MEDIUM
Sparkle Themes Blogger Buzz <1.2.6 - XSS
CVSS 6.5
CVE-2025-54676 MEDIUM
vcita Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-54668 MEDIUM
myCred <= 2.9.4.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-52788 HIGH
Russell Jamieson CaptionPix <1.8 - XSS
CVSS 7.1
CVE-2025-52730 MEDIUM
themefunction WordPress Event Manager <4.0.24 - XSS
CVSS 6.5
CVE-2025-50040 MEDIUM
moshensky CF7 Spreadsheets <2.3.2 - XSS
CVSS 6.5
CVE-2025-49437 MEDIUM
WP LOL Rotation <= 1.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-49433 MEDIUM
Supermalink <= 1.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities 45,141
Exploit Likelihood High