CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,173 vulnerabilities with CWE-79
CVE-2025-46529 MEDIUM
StressFree Sites Business Contact Widget <2.7.0 - XSS
CVSS 5.9
CVE-2025-46525 MEDIUM
msmitley WP Cookie Consent <1.0 - XSS
CVSS 5.9
CVE-2025-46523 MEDIUM
COVID-19 (Coronavirus) Update Your Customers <= 1.5.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-46521 MEDIUM
Silver Muru WS Force Login Page <3.0.3 - XSS
CVSS 5.9
CVE-2025-46517 MEDIUM
wpdiscover Blog Manager WP <1.0.5 - XSS
CVSS 5.9
CVE-2025-46509 MEDIUM
360 View <= 1.1.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-46505 MEDIUM
farinspace Peekaboo <= 1.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-46502 HIGH
LSD Custom taxonomy and category meta <1.3.2 - CSRF
CVSS 7.1
CVE-2025-46501 MEDIUM
biancardi Mixcloud Embed <2.2.0 - XSS
CVSS 6.5
CVE-2025-46499 HIGH
hccoder PayPal Express Checkout <2.1.2 - XSS
CVSS 7.1
CVE-2025-46496 MEDIUM
Oniswap Mini Twitter Feed <3.0 - XSS
CVSS 6.5
CVE-2025-46491 MEDIUM
Matthew Muro Multi-Column Taxonomy List <1.5 - XSS
CVSS 6.5
CVE-2025-46484 MEDIUM
nasir179125 Image Hover Effects For WPBakery Page Builder <2.0 - XSS
CVSS 6.5
CVE-2025-46483 MEDIUM
Peadig's Google +1 Button <0.1.2 - XSS
CVSS 6.5
CVE-2025-46480 MEDIUM
Nepali Post Date <= 5.1.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-46479 MEDIUM
BBCode Deluxe <= 2020.08.01.2 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-46478 HIGH
metaloha Dropdown Content <1.0.2 - XSS
CVSS 7.1
CVE-2025-46477 MEDIUM
WP Customize Login Page <1.6.5 - XSS
CVSS 5.9
CVE-2025-46476 MEDIUM
Awesome Wp Image Gallery <1.0 - XSS
CVSS 6.5
CVE-2025-46475 MEDIUM
Able Player <= 1.2.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-46472 MEDIUM
The Pack Elementor addons <= 2.1.6 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-46471 MEDIUM
Gnanavelshenll WP Custom Post Popup <1.0.2 - XSS
CVSS 6.5
CVE-2025-46469 MEDIUM
Benjamin Buddle Send From <2.2 - XSS
CVSS 5.9
CVE-2025-46467 MEDIUM
RAphicon <= 2.1.2 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-46461 MEDIUM
RRSSB <= 1.0.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities 45,173
Exploit Likelihood High