CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,145 vulnerabilities with CWE-79
CVE-2025-50046 MEDIUM
StellarWP WPComplete <= 2.9.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-50045 MEDIUM
ProWCPlugins Related Products Manager <1.6.2 - XSS
CVSS 6.5
CVE-2025-50043 MEDIUM
Jordy Meow Code Engine <0.3.2 - XSS
CVSS 6.5
CVE-2025-50042 MEDIUM
aviplugins.com WP Register Profile With Shortcode <3.6.1 - XSS
CVSS 6.5
CVE-2025-50041 MEDIUM
WP Engine Gutenberg Blocks - ACF Blocks Suite <2.6.11 - XSS
CVSS 6.5
CVE-2025-50038 MEDIUM
Anant Addons for Elementor <1.2.0 - XSS
CVSS 6.5
CVE-2025-50037 MEDIUM
Buying Buddy IDX CRM <= 2.3.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-50035 MEDIUM
Fyrebox Quizzes <= 3.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-50033 MEDIUM
Fitness Park <= 1.1.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-50030 MEDIUM
Sparkle Themes Spark Multipurpose - XSS
CVSS 6.5
CVE-2025-50027 MEDIUM
xootix Login/Signup Popup <2.9.4 - XSS
CVSS 5.9
CVE-2025-50026 MEDIUM
Spoki <= 2.17.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-50025 MEDIUM
CP Polls <= 1.0.81 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-50024 MEDIUM
Truong Thanh ATP Call Now <1.0.3 - XSS
CVSS 5.9
CVE-2025-50023 MEDIUM
CodePen Embed Block <= 1.2.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-50022 MEDIUM
justin_k WP-FB-AutoConnect <4.6.3 - XSS
CVSS 5.9
CVE-2025-50021 MEDIUM
Robert Peake Better Random Redirect <1.3.20 - XSS
CVSS 5.9
CVE-2025-50020 MEDIUM
Nitin Yawalkar RDFa Breadcrumb <2.3 - XSS
CVSS 5.9
CVE-2025-50019 MEDIUM
Sandor Kovacs Simple Sticky Footer <1.3.5 - XSS
CVSS 5.9
CVE-2025-50018 MEDIUM
Tealium <= 2.1.20 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-50017 MEDIUM
WP Voting Contest <= 5.8 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-50016 MEDIUM
brijeshk89 IP Based Login <2.4.2 - XSS
CVSS 5.9
CVE-2025-50015 MEDIUM
Rodrigo Bastos Hand Talk <6.0 - XSS
CVSS 5.9
CVE-2025-50014 MEDIUM
iamapinan PDPA Consent for Thailand <1.1.1. - XSS
CVSS 5.9
CVE-2025-50013 MEDIUM
Jason Judge CSV Importer <0.6.1 - XSS
CVSS 5.9
Details
Vulnerabilities 45,145
Exploit Likelihood High