CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,165 vulnerabilities with CWE-79
CVE-2025-48266
MEDIUM
RealMag777 Active Products Tables for WooCommerce <1.0.6.8 - XSS
CVSS 6.5
CVE-2025-48263
MEDIUM
MultiVendorX <= 4.2.22 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-48258
MEDIUM
jetmonsters Mega Menu Block <1.0.6 - XSS
CVSS 6.5
CVE-2025-48256
MEDIUM
Import Social Events <= 1.8.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-48254
MEDIUM
Change Add to Cart Button Text for WooCommerce <= 2.2.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-48253
MEDIUM
Free Shipping Bar: Amount Left for Free Shipping for WooCommerce <= 2.4.6 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-48252
MEDIUM
WPFactory Back Button Widget <= 1.6.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-48251
MEDIUM
WPFactory Additional Custom Emails & Recipients for WooCommerce <3....
CVSS 6.5
CVE-2025-48250
MEDIUM
WPFactory Coupons & Add to Cart by URL Links for WooCommerce <1.7.7...
CVSS 6.5
CVE-2025-48249
MEDIUM
WPFactory EAN for WooCommerce <5.4.6 - XSS
CVSS 6.5
CVE-2025-48248
MEDIUM
WPFactory Sitewide Discount - WooCommerce <2.2.1 - XSS
CVSS 6.5
CVE-2025-48244
MEDIUM
Exclusive Addons Elementor <2.7.9 - XSS
CVSS 5.9
CVE-2025-48240
MEDIUM
WPFactory Cost of Goods <3.7.0 - XSS
CVSS 6.5
CVE-2025-48239
MEDIUM
Product Notes Tab & Private Admin Notes for WooCommerce <= 3.1.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-48237
MEDIUM
Wishlist for WooCommerce <= 3.2.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-48236
HIGH
bunny.net <= 2.3.0 - Stored Cross-Site Scripting
CVSS 8.5
CVE-2025-48235
MEDIUM
WP Image Mask <= 3.1.2 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-48234
MEDIUM
Ultimate Blocks <= 3.3.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-48232
MEDIUM
Xpro Xpro Addons For Beaver Builder Lite - XSS
CVSS 6.5
CVE-2025-44108
MEDIUM
Flatpress < 1.4 - Authenticated Stored Cross-Site Scripting via Gallery Captions
CVSS 4.8
CVE-2025-32999
MEDIUM
a-blog cms 3.0.0-3.0.46 - Authenticated Stored Cross-Site Scripting in Entry Editing Screen
CVSS 5.4
CVE-2025-2561
MEDIUM
Ninja Forms < 3.10.1 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2025-2560
MEDIUM
Ninja Forms < 3.10.1 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2025-2524
MEDIUM
Ninja Forms < 3.10.1 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2025-1627
MEDIUM
Qi Blocks < 1.4 - Stored Cross-Site Scripting via Block Options
CVSS 5.4
Details
Vulnerabilities
45,165
Exploit Likelihood
High