CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,155 vulnerabilities with CWE-79
CVE-2025-30977 MEDIUM
Chaport Live Chat WP Live Chat + Chatbots Plugin - XSS
CVSS 5.9
CVE-2025-30952 MEDIUM
Nexa Blocks <= 1.1.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-30951 MEDIUM
Stiofan BlockStrap Page Builder - Bootstrap Blocks <0.1.37 - XSS
CVSS 6.5
CVE-2025-30950 MEDIUM
WP Wham All Currencies <2.4.3 - XSS
CVSS 6.5
CVE-2025-30942 MEDIUM
OTWthemes Post Custom Templates Lite - XSS
CVSS 5.9
CVE-2025-30941 MEDIUM
Marvie Pons Pinterest Verify Meta Tag <1.3 - XSS
CVSS 5.9
CVE-2025-30940 MEDIUM
Melipayamak <= 2.2.12 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-30939 MEDIUM
IFrame Widget <= 4.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-30938 MEDIUM
Broadly for WordPress <= 3.0.2 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-30937 MEDIUM
Responsify WP <= 1.9.11 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-30935 MEDIUM
NickDuncan Contact Form <2.0.12 - XSS
CVSS 6.5
CVE-2025-30931 MEDIUM
DaData.ru <= 1.0.6 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-30930 MEDIUM
Unreal Themes ACF: Yandex Maps Field - XSS
CVSS 5.9
CVE-2025-30928 MEDIUM
WP Biographia <= 4.0.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-30638 MEDIUM
PowieT Powie's Uptime Robot <0.9.7 - XSS
CVSS 5.9
CVE-2025-30637 MEDIUM
Booking Ultra Pro <= 1.1.20 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-30634 MEDIUM
IWEBIX WP Featured Content Slider <2.6 - XSS
CVSS 5.9
CVE-2025-30630 MEDIUM
Pozzad Global Translator <2.0.2 - XSS
CVSS 5.9
CVE-2025-30627 MEDIUM
regolithsjk Elegant Visitor Counter <3.1 - XSS
CVSS 5.9
CVE-2025-30625 MEDIUM
Matt Pramschufer AppBanners <1.5.14 - XSS
CVSS 5.9
CVE-2025-29011 MEDIUM
CHR Designer YouTube Simple Gallery <2.2.0 - XSS
CVSS 6.5
CVE-2025-29003 MEDIUM
mva7 The Holiday Calendar <1.18.2.1 - XSS
CVSS 6.5
CVE-2025-28989 MEDIUM
Read More Login <= 2.0.3 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-27334 MEDIUM
Simple Google Static Map <1.0.1 - XSS
CVSS 6.5
CVE-2025-5239 MEDIUM
Domain For Sale plugin for WordPress <= 3.0.10 - Authenticated Stored Cross-Site Scripting via class_name Parameter
CVSS 6.4
Details
Vulnerabilities 45,155
Exploit Likelihood High