CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,169 vulnerabilities with CWE-79
CVE-2025-47676 MEDIUM
Faiyaz Alam User Login History <2.1.6 - XSS
CVSS 6.5
CVE-2025-47675 MEDIUM
Woobox <= 1.6 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-47669 MEDIUM
CBX Map for Google Map & OpenStreetMap <= 1.1.12 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-47668 MEDIUM
CookieCode <= 2.4.4 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-47665 MEDIUM
Bistromatic N360|Splash Screen <1.0.6 - XSS
CVSS 5.9
CVE-2025-47662 MEDIUM
Woobox <= 1.6 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-47659 MEDIUM
voidcoders WPBakery Visual Composer WHMCS Elements <1.0.4.1 - XSS
CVSS 6.5
CVE-2025-47656 MEDIUM
Spiraclethemes Site Library <1.4.0 - XSS
CVSS 6.5
CVE-2025-47638 MEDIUM
Sarvesh M Rao WP Discord Invite <2.5.3 - XSS
CVSS 5.9
CVE-2025-47632 MEDIUM
Awesome Gallery <= 1.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-47630 MEDIUM
Ajax Load More <= 7.3.1.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-47626 MEDIUM
Submission DOM tracking for Contact Form 7 <= 2.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-47625 MEDIUM
DoFollow Case by Case <= 3.5.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-47623 MEDIUM
Easy PayPal Buy Now Button <= 2.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-47622 MEDIUM
apasionados Email Notification <1.6.1 - XSS
CVSS 5.9
CVE-2025-47621 MEDIUM
Meks Flexible Shortcodes <1.3.6 - XSS
CVSS 6.5
CVE-2025-47617 MEDIUM
Aharonyan WP Front User Submit/Front Editor <4.9.3 - XSS
CVSS 5.9
CVE-2025-47616 MEDIUM
aBlocks <= 1.9.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-47615 MEDIUM
flowdee Amazon Product <5.2.2 - XSS
CVSS 5.9
CVE-2025-47607 MEDIUM
AppJetty Show All Comments <7.0.1 - XSS
CVSS 5.9
CVE-2025-47605 MEDIUM
AppJetty WP jQuery DataTable <4.1.0 - XSS
CVSS 5.9
CVE-2025-47604 MEDIUM
Data443 Risk Migitation, Inc. Inline Related Posts <3.8.0 - XSS
CVSS 6.5
CVE-2025-47595 MEDIUM
Color Your Bar <= 2.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-47593 MEDIUM
Really Simple Under Construction Page <1.4.6 - XSS
CVSS 5.9
CVE-2025-47592 MEDIUM
Legal Terms and Conditions Popup - TPUL <2.0.3 - XSS
CVSS 5.9
Details
Vulnerabilities 45,169
Exploit Likelihood High