CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,165 vulnerabilities with CWE-79
CVE-2025-39448 MEDIUM
Crocoblock JetElements For Elementor <2.7.4.1 - XSS
CVSS 6.5
CVE-2025-26997 HIGH
Wireless Butler <= 1.0.11 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-46543 MEDIUM
Charly Leetham Enhanced Paypal Shortcodes <0.5a - XSS
CVSS 6.5
CVE-2025-46263 MEDIUM
Lloyd Saunders Author Box <1.6 - XSS
CVSS 6.5
CVE-2025-46262 MEDIUM
Mad Mimi for WordPress <1.5.1 - XSS
CVSS 6.5
CVE-2025-39369 MEDIUM
Posts for Page <= 2.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-4939 MEDIUM
PHPGurukul Credit Card Application Management System 1.0 - Stored Cross-Site Scripting in /admin/new-ccapplication.php
CVSS 4.3
CVE-2025-32920 MEDIUM
TemplateInvaders TI WooCommerce Wishlist <2.10.0 - XSS
CVSS 6.5
CVE-2025-23988 HIGH
Ghostwriter <= 1.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23986 HIGH
Tiki Time < 1.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23983 HIGH
Tijaji < 1.43 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23981 HIGH
CarZine < 1.4.6 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23979 HIGH
Flashy <= 1.2.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22792 HIGH
Js O3 Lite <= 1.5.8.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22791 HIGH
twh offset writing < 1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22790 HIGH
asmedia moseter < 1.3.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22789 HIGH
fyrewurks polka dots < 1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22687 HIGH
Asmedia Tuaug4 <= 1.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22678 HIGH
mythemes my white < 2.0.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-48341 MEDIUM
Form Maker by 10Web <= 1.15.33 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-48288 MEDIUM
Element Invader Elementor <1.3.5 - XSS
CVSS 6.5
CVE-2025-48277 MEDIUM
Stylemix Cost Calculator Builder <3.2.74 - XSS
CVSS 5.9
CVE-2025-48276 MEDIUM
Visual Composer Website Builder <= 45.11.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-48270 MEDIUM
SKT Blocks <= 2.2 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-48269 MEDIUM
Greg Winiarski WPAdverts <2.2.3 - XSS
CVSS 6.5
Details
Vulnerabilities 45,165
Exploit Likelihood High