CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,143 vulnerabilities with CWE-79
CVE-2025-31055
HIGH
vergatheme Electrician - Electrical Service WP <1.0 - XSS
CVSS 7.1
CVE-2025-30955
HIGH
GT3themes ListingEasy <= 1.9.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-54051
MEDIUM
bPlugins LightBox Block <1.1.30 - XSS
CVSS 6.5
CVE-2025-54050
MEDIUM
Responsive Addons for Elementor <= 1.7.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-54024
MEDIUM
WPAdverts <= 2.2.5 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-54023
MEDIUM
WP Delicious <= 1.8.4 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-54016
MEDIUM
Videopack <= 4.10.3 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-54013
MEDIUM
Welcart e-Commerce <= 2.11.16 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-54009
MEDIUM
Crocoblock JetSmartFilters <3.6.8 - XSS
CVSS 6.5
CVE-2025-54006
MEDIUM
Bold Page Builder <= 5.4.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-53996
MEDIUM
Crocoblock JetSearch <3.5.10.1 - XSS
CVSS 6.5
CVE-2025-53995
MEDIUM
Crocoblock JetPopup <2.0.15.1 - XSS
CVSS 6.5
CVE-2025-53994
MEDIUM
Crocoblock JetPopup <= 2.0.15 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-53991
MEDIUM
Crocoblock JetTricks <1.5.4.1 - XSS
CVSS 6.5
CVE-2025-53989
MEDIUM
Crocoblock JetBlocks For Elementor <1.3.19 - XSS
CVSS 6.5
CVE-2025-53984
MEDIUM
Crocoblock JetTabs <= 2.2.9 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-53982
MEDIUM
Crocoblock JetElements For Elementor <2.7.7 - XSS
CVSS 6.5
CVE-2025-48295
MEDIUM
hashthemes Easy Elementor Addons <2.2.5 - XSS
CVSS 6.5
CVE-2025-48156
MEDIUM
Parakoos Image Wall <= 3.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-7035
MEDIUM
Media Library Assistant <= 3.26 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-5284
MEDIUM
Master Addons - Elementor Addons <= 2.0.8.2 - Authenticated Stored Cross-Site Scripting via Custom JS Extension
CVSS 6.4
CVE-2025-40724
MEDIUM
Pharmacy POS PHP Script - Stored Cross-Site Scripting via u_medicine_name Parameter
CVE-2025-6747
MEDIUM
Avada (Fusion) Builder <3.12.1 - XSS
CVSS 6.4
CVE-2025-5845
MEDIUM
WordPress Affiliate Reviews <1.0.6 - XSS
CVSS 6.4
CVE-2025-5843
MEDIUM
Brandfolder WordPress <5.0.19 - XSS
CVSS 6.4
Details
Vulnerabilities
45,143
Exploit Likelihood
High