CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,145 vulnerabilities with CWE-79
CVE-2025-53278 MEDIUM
WP AdCenter <= 2.6.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-53276 MEDIUM
Omnipress <= 1.6.4 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-53275 MEDIUM
VaultDweller Leyka <= 3.32.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-53253 MEDIUM
Josh WP Edit <= 4.0.4 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-53206 MEDIUM
HT Mega - Absolute Addons for WPBakery Page Builder <1.0.8 - XSS
CVSS 6.5
CVE-2025-53202 MEDIUM
CyberChimps Responsive Blocks <2.0.6 - XSS
CVSS 6.5
CVE-2025-53199 MEDIUM
HT Slider For Elementor <1.6.5 - XSS
CVSS 6.5
CVE-2025-52799 HIGH
designthemes LMS <= 9.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-52778 HIGH
Michel - xiligroup dev xili-dictionary <2.12.5.2 - XSS
CVSS 7.1
CVE-2025-52774 HIGH
Infility Global <= 2.15.06 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-52727 HIGH
QuanticaLabs CSS3 Vertical Web Pricing Tables - XSS
CVSS 7.1
CVE-2025-50052 HIGH
Flexo Counter <= 1.0001 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-49423 HIGH
Syed Tahir Ali Jan Bulk YouTube Post Creator - XSS
CVSS 7.1
CVE-2025-49321 HIGH
Eventin <= 4.0.28 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-49290 HIGH
Jory Hogeveen Slidebars <0.5.8.4 - XSS
CVSS 7.1
CVE-2025-47654 HIGH
FormLift for Infusionsoft Web Forms <7.5.20 - XSS
CVSS 7.1
CVE-2025-47574 HIGH
Mojoomla School Management <92.0.0 - XSS
CVSS 7.1
CVE-2025-39488 HIGH
Sneeit MagOne <= 8.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-39478 HIGH
smartiolabs Smart Notification <10.3 - XSS
CVSS 7.1
CVE-2025-31428 HIGH
BuddhaThemes HYDRO <= 2.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31067 HIGH
Seven Stars < 1.4.4 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-30972 HIGH
WooCommerce Line Notify <1.1.7 - XSS
CVSS 7.1
CVE-2025-28988 HIGH
Aharonyan WP Front User Submit/Front Editor <4.9.3 - XSS
CVSS 7.1
CVE-2025-28960 HIGH
regibaer Evangelische Termine <3.3 - XSS
CVSS 7.1
CVE-2025-28956 HIGH
Backwp <= 2.0.2 - Reflected Cross-Site Scripting
CVSS 7.1
Details
Vulnerabilities 45,145
Exploit Likelihood High