CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,142 vulnerabilities with CWE-79
CVE-2025-49433
MEDIUM
Supermalink <= 1.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-49065
HIGH
BestiaDurmiente Visit Counter <1.0 - XSS
CVSS 7.1
CVE-2025-49064
HIGH
Webilop User Language Switch <= 1.6.10 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-49063
HIGH
i3geek BaiduXZH Submit <1.4.6 - XSS
CVSS 7.1
CVE-2025-49062
HIGH
cornfeed WP-jScrollPane <2.0.3 - XSS
CVSS 7.1
CVE-2025-49061
MEDIUM
perteus Porn Videos Embed <0.9.1 - XSS
CVSS 6.5
CVE-2025-49058
HIGH
SoundSt SEO Search <= 1.2.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-49057
HIGH
WP Voting <= 1.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-49056
HIGH
Duoshuo Social Comment Box <1.2 - XSS
CVSS 7.1
CVE-2025-49054
HIGH
Time Sheets <= 2.1.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-49053
MEDIUM
WP Airdrop Manager <= 1.0.5 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-49051
MEDIUM
biscia7 Hide Text Shortcode <1.1 - XSS
CVSS 6.5
CVE-2025-49048
MEDIUM
Inspectlet - User Session Recording and Heatmaps <= 2.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-49047
MEDIUM
DigitalOcean Spaces Sync <2.2.1 - XSS
CVSS 5.9
CVE-2025-49038
HIGH
Soflyy WP Dynamic Links <1.0.1 - XSS
CVSS 7.1
CVE-2025-49037
HIGH
Federico Rota Auth & xmlrpc <1.2.2 - XSS
CVSS 7.1
CVE-2025-47689
HIGH
Video Blogster Lite <= 1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-47610
MEDIUM
Wetail WooCommerce Fortnox Integration <4.5.6 - XSS
CVSS 6.5
CVE-2025-31007
HIGH
Alvind Billplz Addon for Contact Form 7 <1.2.0 - XSS
CVSS 7.1
CVE-2025-30626
HIGH
LambertGroup Multimedia Playlist Slider Addon - XSS
CVSS 7.1
CVE-2025-29014
HIGH
ZoomIt FoodMenu <= 1.20 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-28999
HIGH
ZoomIt WooCommerce Shop Page Builder <2.27.7 - XSS
CVSS 7.1
CVE-2025-28975
HIGH
redqteam Alike - WordPress Custom Post Comparison <3.0.1 - XSS
CVSS 7.1
CVE-2025-7761
MEDIUM
Lepszy BIP - Reflected Cross-Site Scripting via index.php Parameter
CVE-2025-8046
MEDIUM
Injection Guard WordPress Plugin < 1.2.8 - Reflected Cross-Site Scripting via REQUEST_URI Parameter
CVSS 6.1
Details
Vulnerabilities
45,142
Exploit Likelihood
High