CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,144 vulnerabilities with CWE-79
CVE-2025-27326
MEDIUM
bPlugins Video Gallery Block <1.1.0 - XSS
CVSS 6.5
CVE-2025-26591
MEDIUM
WP fancybox <= 1.0.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-24764
MEDIUM
(Simply) Guest Author Name <4.36 - XSS
CVSS 6.5
CVE-2025-24735
HIGH
Chatra Live Chat+Cart Saver <1.0.11 - XSS
CVSS 7.7
CVE-2025-6673
MEDIUM
WordPress Easy restaurant menu manager <2.0.1 - XSS
CVSS 6.4
CVE-2025-53599
CRITICAL
Whale < 3.9.1.4206 - Cross-Site Scripting via JavaScript Scheme
CVSS 9.8
CVE-2025-6944
MEDIUM
Uncode Core <= 2.9.4.2 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-7053
LOW
Cockpit < 2.11.4 - Cross-Site Scripting via User Save Endpoint
CVSS 3.5
CVE-2025-7046
MEDIUM
PowerFolio < 3.2.1 - Authenticated Stored Cross-Site Scripting via Custom JS Attributes
CVSS 6.4
CVE-2025-6787
MEDIUM
Smart Docs < 1.1.0 - Authenticated Stored Cross-Site Scripting via smartdocs_search Shortcode
CVSS 6.4
CVE-2025-6039
MEDIUM
ProcessingJS for WordPress <1.2.2 - XSS
CVSS 6.4
CVE-2025-5567
MEDIUM
Shortcodes Ultimate <= 7.4.0 - Authenticated Stored XSS via data-url
CVSS 6.4
CVE-2025-53370
HIGH
Citizen 1.9.4-3.3.9 - Stored Cross-Site Scripting via ShortDescription Extension
CVSS 8.6
CVE-2025-53369
HIGH
ShortDescription 4.0.0 - Stored Cross-Site Scripting via mw.util.addSubtitle
CVSS 8.6
CVE-2025-53368
HIGH
Citizen 1.9.4-3.4.0 - Stored Cross-Site Scripting via Old Search Bar
CVSS 8.6
CVE-2025-53500
MEDIUM
Mediawiki - MassEditRegex Ext <1.39.12-1.43.2 - XSS
CVSS 5.6
CVE-2025-53489
MEDIUM
Mediawiki - GoogleDocs4MW Ext <1.42.7-1.43.2 - XSS
CVSS 5.6
CVE-2025-53490
MEDIUM
Mediawiki - CampaignEvents Extension <1.43.2 - XSS
CVSS 5.6
CVE-2025-45938
MEDIUM
Akeles Out of Office Assistant for Jira 4.0.1 - Cross-Site Scripting via Jira fullName Parameter
CVSS 5.4
CVE-2025-49032
MEDIUM
PublishPress Gutenberg Blocks <3.3.1 - XSS
CVSS 6.5
CVE-2025-2537
MEDIUM
WpDevArt YouTube Embed <= Authenticated Stored XSS via ThickBox
CVSS 6.4
CVE-2025-40723
MEDIUM
Flatboard Pro < 3.2.2 - Stored Cross-Site Scripting via Footer Text and Announcement Parameters
CVE-2025-40722
MEDIUM
Flatboard Pro < 3.2.2 - Stored Cross-Site Scripting via Replace Parameter in Tags Configuration
CVE-2025-2540
MEDIUM
Awesome Wp Image Gallery <1.0 - Authenticated Stored Cross-Site Scripting via prettyPhoto Library
CVSS 6.4
CVE-2025-27448
MEDIUM
meac300-fnade4_firmware < 0.16.0 - Stored Cross-Site Scripting via Dashboard Name
CVSS 6.8
Details
Vulnerabilities
45,144
Exploit Likelihood
High