CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,142 vulnerabilities with CWE-79
CVE-2025-49433 MEDIUM
Supermalink <= 1.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-49065 HIGH
BestiaDurmiente Visit Counter <1.0 - XSS
CVSS 7.1
CVE-2025-49064 HIGH
Webilop User Language Switch <= 1.6.10 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-49063 HIGH
i3geek BaiduXZH Submit <1.4.6 - XSS
CVSS 7.1
CVE-2025-49062 HIGH
cornfeed WP-jScrollPane <2.0.3 - XSS
CVSS 7.1
CVE-2025-49061 MEDIUM
perteus Porn Videos Embed <0.9.1 - XSS
CVSS 6.5
CVE-2025-49058 HIGH
SoundSt SEO Search <= 1.2.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-49057 HIGH
WP Voting <= 1.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-49056 HIGH
Duoshuo Social Comment Box <1.2 - XSS
CVSS 7.1
CVE-2025-49054 HIGH
Time Sheets <= 2.1.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-49053 MEDIUM
WP Airdrop Manager <= 1.0.5 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-49051 MEDIUM
biscia7 Hide Text Shortcode <1.1 - XSS
CVSS 6.5
CVE-2025-49048 MEDIUM
Inspectlet - User Session Recording and Heatmaps <= 2.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-49047 MEDIUM
DigitalOcean Spaces Sync <2.2.1 - XSS
CVSS 5.9
CVE-2025-49038 HIGH
Soflyy WP Dynamic Links <1.0.1 - XSS
CVSS 7.1
CVE-2025-49037 HIGH
Federico Rota Auth & xmlrpc <1.2.2 - XSS
CVSS 7.1
CVE-2025-47689 HIGH
Video Blogster Lite <= 1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-47610 MEDIUM
Wetail WooCommerce Fortnox Integration <4.5.6 - XSS
CVSS 6.5
CVE-2025-31007 HIGH
Alvind Billplz Addon for Contact Form 7 <1.2.0 - XSS
CVSS 7.1
CVE-2025-30626 HIGH
LambertGroup Multimedia Playlist Slider Addon - XSS
CVSS 7.1
CVE-2025-29014 HIGH
ZoomIt FoodMenu <= 1.20 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-28999 HIGH
ZoomIt WooCommerce Shop Page Builder <2.27.7 - XSS
CVSS 7.1
CVE-2025-28975 HIGH
redqteam Alike - WordPress Custom Post Comparison <3.0.1 - XSS
CVSS 7.1
CVE-2025-7761 MEDIUM
Lepszy BIP - Reflected Cross-Site Scripting via index.php Parameter
CVE-2025-8046 MEDIUM
Injection Guard WordPress Plugin < 1.2.8 - Reflected Cross-Site Scripting via REQUEST_URI Parameter
CVSS 6.1
Details
Vulnerabilities 45,142
Exploit Likelihood High