CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,190 vulnerabilities with CWE-79
CVE-2025-39562 MEDIUM
codepeople Payment Form for PayPal Pro <1.1.72 - XSS
CVSS 5.9
CVE-2025-39558 HIGH
CRM Perks <= 1.1.7 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-39521 HIGH
Ashish Ajani Contact Form vCard Generator <2.4 - XSS
CVSS 7.1
CVE-2025-39519 HIGH
rtpHarry Bulk Page Stub Creator - XSS
CVSS 7.1
CVE-2025-39464 HIGH
rtowebsites AdminQuickbar <1.9.1 - XSS
CVSS 7.1
CVE-2025-39444 MEDIUM
MaxButtons <= 9.8.3 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-39432 HIGH
bbPress2 shortcode whitelist <= 2.2.1 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-39428 MEDIUM
Maros Pristas Gravity Forms CSS Themes - XSS
CVSS 5.9
CVE-2025-39427 MEDIUM
WP Post to PDF Enhanced <1.1.1 - XSS
CVSS 5.9
CVE-2025-39420 HIGH
ruudkok WP Twitter Button <1.4.1 - XSS
CVSS 7.1
CVE-2025-32674 HIGH
WPFactory Product Excel Import Export & Bulk Edit for WooCommerce -...
CVSS 7.1
CVE-2025-32670 HIGH
Spark GF Failed Submissions <= 1.3.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-32666 HIGH
Hive Support <= 1.2.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-32653 HIGH
Cart66 Cloud <= 2.3.7 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-32651 HIGH
SERPed.net <= 4.6 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-32649 HIGH
GB Gallery Slideshow <= 1.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-32646 HIGH
PickPlugins Question Answer <1.2.70 - XSS
CVSS 7.1
CVE-2025-32639 HIGH
wecantrack Affiliate Links Lite <3.1.0 - XSS
CVSS 7.1
CVE-2025-32638 HIGH
weptile Mobile App for WooCommerce <= 0.4.61 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-32637 HIGH
WP Donate <= 2.0 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-32634 HIGH
Run Contests, Raffles, and Giveaways with ContestsWP <= 2.1.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-32630 HIGH
CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirecto...
CVSS 7.1
CVE-2025-32628 HIGH
WP Wham Crowdfunding for WooCommerce <3.1.12 - XSS
CVSS 7.1
CVE-2025-32625 HIGH
Mobile Pages <= 1.0.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-32622 HIGH
OTP-less one tap Sign in <2.0.58 - XSS
CVSS 7.1
Details
Vulnerabilities 45,190
Exploit Likelihood High