CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,155 vulnerabilities with CWE-79
CVE-2025-30977
MEDIUM
Chaport Live Chat WP Live Chat + Chatbots Plugin - XSS
CVSS 5.9
CVE-2025-30952
MEDIUM
Nexa Blocks <= 1.1.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-30951
MEDIUM
Stiofan BlockStrap Page Builder - Bootstrap Blocks <0.1.37 - XSS
CVSS 6.5
CVE-2025-30950
MEDIUM
WP Wham All Currencies <2.4.3 - XSS
CVSS 6.5
CVE-2025-30942
MEDIUM
OTWthemes Post Custom Templates Lite - XSS
CVSS 5.9
CVE-2025-30941
MEDIUM
Marvie Pons Pinterest Verify Meta Tag <1.3 - XSS
CVSS 5.9
CVE-2025-30940
MEDIUM
Melipayamak <= 2.2.12 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-30939
MEDIUM
IFrame Widget <= 4.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-30938
MEDIUM
Broadly for WordPress <= 3.0.2 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-30937
MEDIUM
Responsify WP <= 1.9.11 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-30935
MEDIUM
NickDuncan Contact Form <2.0.12 - XSS
CVSS 6.5
CVE-2025-30931
MEDIUM
DaData.ru <= 1.0.6 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-30930
MEDIUM
Unreal Themes ACF: Yandex Maps Field - XSS
CVSS 5.9
CVE-2025-30928
MEDIUM
WP Biographia <= 4.0.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-30638
MEDIUM
PowieT Powie's Uptime Robot <0.9.7 - XSS
CVSS 5.9
CVE-2025-30637
MEDIUM
Booking Ultra Pro <= 1.1.20 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-30634
MEDIUM
IWEBIX WP Featured Content Slider <2.6 - XSS
CVSS 5.9
CVE-2025-30630
MEDIUM
Pozzad Global Translator <2.0.2 - XSS
CVSS 5.9
CVE-2025-30627
MEDIUM
regolithsjk Elegant Visitor Counter <3.1 - XSS
CVSS 5.9
CVE-2025-30625
MEDIUM
Matt Pramschufer AppBanners <1.5.14 - XSS
CVSS 5.9
CVE-2025-29011
MEDIUM
CHR Designer YouTube Simple Gallery <2.2.0 - XSS
CVSS 6.5
CVE-2025-29003
MEDIUM
mva7 The Holiday Calendar <1.18.2.1 - XSS
CVSS 6.5
CVE-2025-28989
MEDIUM
Read More Login <= 2.0.3 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-27334
MEDIUM
Simple Google Static Map <1.0.1 - XSS
CVSS 6.5
CVE-2025-5239
MEDIUM
Domain For Sale plugin for WordPress <= 3.0.10 - Authenticated Stored Cross-Site Scripting via class_name Parameter
CVSS 6.4
Details
Vulnerabilities
45,155
Exploit Likelihood
High