CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,143 vulnerabilities with CWE-79
CVE-2025-31055 HIGH
vergatheme Electrician - Electrical Service WP <1.0 - XSS
CVSS 7.1
CVE-2025-30955 HIGH
GT3themes ListingEasy <= 1.9.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-54051 MEDIUM
bPlugins LightBox Block <1.1.30 - XSS
CVSS 6.5
CVE-2025-54050 MEDIUM
Responsive Addons for Elementor <= 1.7.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-54024 MEDIUM
WPAdverts <= 2.2.5 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-54023 MEDIUM
WP Delicious <= 1.8.4 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-54016 MEDIUM
Videopack <= 4.10.3 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-54013 MEDIUM
Welcart e-Commerce <= 2.11.16 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-54009 MEDIUM
Crocoblock JetSmartFilters <3.6.8 - XSS
CVSS 6.5
CVE-2025-54006 MEDIUM
Bold Page Builder <= 5.4.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-53996 MEDIUM
Crocoblock JetSearch <3.5.10.1 - XSS
CVSS 6.5
CVE-2025-53995 MEDIUM
Crocoblock JetPopup <2.0.15.1 - XSS
CVSS 6.5
CVE-2025-53994 MEDIUM
Crocoblock JetPopup <= 2.0.15 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-53991 MEDIUM
Crocoblock JetTricks <1.5.4.1 - XSS
CVSS 6.5
CVE-2025-53989 MEDIUM
Crocoblock JetBlocks For Elementor <1.3.19 - XSS
CVSS 6.5
CVE-2025-53984 MEDIUM
Crocoblock JetTabs <= 2.2.9 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-53982 MEDIUM
Crocoblock JetElements For Elementor <2.7.7 - XSS
CVSS 6.5
CVE-2025-48295 MEDIUM
hashthemes Easy Elementor Addons <2.2.5 - XSS
CVSS 6.5
CVE-2025-48156 MEDIUM
Parakoos Image Wall <= 3.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-7035 MEDIUM
Media Library Assistant <= 3.26 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-5284 MEDIUM
Master Addons - Elementor Addons <= 2.0.8.2 - Authenticated Stored Cross-Site Scripting via Custom JS Extension
CVSS 6.4
CVE-2025-40724 MEDIUM
Pharmacy POS PHP Script - Stored Cross-Site Scripting via u_medicine_name Parameter
CVE-2025-6747 MEDIUM
Avada (Fusion) Builder <3.12.1 - XSS
CVSS 6.4
CVE-2025-5845 MEDIUM
WordPress Affiliate Reviews <1.0.6 - XSS
CVSS 6.4
CVE-2025-5843 MEDIUM
Brandfolder WordPress <5.0.19 - XSS
CVSS 6.4
Details
Vulnerabilities 45,143
Exploit Likelihood High