CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,190 vulnerabilities with CWE-79
CVE-2025-32532 HIGH
UXsniff <= 1.3.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-32531 HIGH
Arconix FAQ <= 1.9.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-32530 HIGH
WP Swings Wallet System <2.6.5 - XSS
CVSS 7.1
CVE-2025-32529 HIGH
iONE360 configurator <= 2.0.57 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-32528 HIGH
maximevalette iCal Feeds <1.5.3 - XSS
CVSS 7.1
CVE-2025-32527 HIGH
pey22 T&P Gallery Slider <1.2 - XSS
CVSS 7.1
CVE-2025-32526 HIGH
Zephyr Project Manager <= 3.3.101 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-32522 HIGH
WPExperts.io License Manager - WooCommerce <3.0.9 - XSS
CVSS 7.1
CVE-2025-32521 HIGH
CoolHappy Cool Flipbox - Shortcode & Gutenberg Block <1.8.3 - XSS
CVSS 7.1
CVE-2025-32520 HIGH
M. Ali Saleem WordPress Health and Server Condition - Integrated wi...
CVSS 7.1
CVE-2025-32516 HIGH
ilGhera Related Videos for JW Player <1.2.0 - XSS
CVSS 7.1
CVE-2025-32515 HIGH
Terminal Africa <= 1.13.24 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-32514 HIGH
WooCommerce Estimate and Quote <1.0.2.5 - XSS
CVSS 7.1
CVE-2025-32513 HIGH
Nomupay Payment Processing Gateway <7.1.6 - XSS
CVSS 7.1
CVE-2025-32512 HIGH
Revamp CRM for WooCommerce <1.1.2 - XSS
CVSS 7.1
CVE-2025-32511 HIGH
Excellent Dynamics Make Email Customizer - XSS
CVSS 7.1
CVE-2025-32508 HIGH
ComMotion Course Booking System <6.0.7 - XSS
CVSS 7.1
CVE-2025-32507 HIGH
Event Espresso - Custom Email Template Shortcode <1.0.0 - XSS
CVSS 7.1
CVE-2025-32506 HIGH
BenDlz AT Internet SmartTag <0.2 - XSS
CVSS 7.1
CVE-2025-32504 HIGH
Silvasoft boekhouden <= 3.0.6 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-32490 HIGH
WebsiteDefender wp secure <= 1.2 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-31018 HIGH
FireDrum Email Marketing <1.64 - XSS
CVSS 7.1
CVE-2025-31006 HIGH
arete-it Activity Reactions For Buddypress <1.0.22 - XSS
CVSS 7.1
CVE-2025-27354 HIGH
phil88530 Simple Email Subscriber <2.3 - XSS
CVSS 7.1
CVE-2025-27346 HIGH
gerrygooner Rebuild Permalinks <1.6 - XSS
CVSS 7.1
Details
Vulnerabilities 45,190
Exploit Likelihood High