CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,165 vulnerabilities with CWE-79
CVE-2025-48266 MEDIUM
RealMag777 Active Products Tables for WooCommerce <1.0.6.8 - XSS
CVSS 6.5
CVE-2025-48263 MEDIUM
MultiVendorX <= 4.2.22 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-48258 MEDIUM
jetmonsters Mega Menu Block <1.0.6 - XSS
CVSS 6.5
CVE-2025-48256 MEDIUM
Import Social Events <= 1.8.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-48254 MEDIUM
Change Add to Cart Button Text for WooCommerce <= 2.2.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-48253 MEDIUM
Free Shipping Bar: Amount Left for Free Shipping for WooCommerce <= 2.4.6 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-48252 MEDIUM
WPFactory Back Button Widget <= 1.6.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-48251 MEDIUM
WPFactory Additional Custom Emails & Recipients for WooCommerce <3....
CVSS 6.5
CVE-2025-48250 MEDIUM
WPFactory Coupons & Add to Cart by URL Links for WooCommerce <1.7.7...
CVSS 6.5
CVE-2025-48249 MEDIUM
WPFactory EAN for WooCommerce <5.4.6 - XSS
CVSS 6.5
CVE-2025-48248 MEDIUM
WPFactory Sitewide Discount - WooCommerce <2.2.1 - XSS
CVSS 6.5
CVE-2025-48244 MEDIUM
Exclusive Addons Elementor <2.7.9 - XSS
CVSS 5.9
CVE-2025-48240 MEDIUM
WPFactory Cost of Goods <3.7.0 - XSS
CVSS 6.5
CVE-2025-48239 MEDIUM
Product Notes Tab & Private Admin Notes for WooCommerce <= 3.1.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-48237 MEDIUM
Wishlist for WooCommerce <= 3.2.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-48236 HIGH
bunny.net <= 2.3.0 - Stored Cross-Site Scripting
CVSS 8.5
CVE-2025-48235 MEDIUM
WP Image Mask <= 3.1.2 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-48234 MEDIUM
Ultimate Blocks <= 3.3.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-48232 MEDIUM
Xpro Xpro Addons For Beaver Builder Lite - XSS
CVSS 6.5
CVE-2025-44108 MEDIUM
Flatpress < 1.4 - Authenticated Stored Cross-Site Scripting via Gallery Captions
CVSS 4.8
CVE-2025-32999 MEDIUM
a-blog cms 3.0.0-3.0.46 - Authenticated Stored Cross-Site Scripting in Entry Editing Screen
CVSS 5.4
CVE-2025-2561 MEDIUM
Ninja Forms < 3.10.1 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2025-2560 MEDIUM
Ninja Forms < 3.10.1 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2025-2524 MEDIUM
Ninja Forms < 3.10.1 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2025-1627 MEDIUM
Qi Blocks < 1.4 - Stored Cross-Site Scripting via Block Options
CVSS 5.4
Details
Vulnerabilities 45,165
Exploit Likelihood High