CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,198 vulnerabilities with CWE-79
CVE-2025-32507 HIGH
Event Espresso - Custom Email Template Shortcode <1.0.0 - XSS
CVSS 7.1
CVE-2025-32506 HIGH
BenDlz AT Internet SmartTag <0.2 - XSS
CVSS 7.1
CVE-2025-32504 HIGH
Silvasoft boekhouden <= 3.0.6 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-32490 HIGH
WebsiteDefender wp secure <= 1.2 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-31018 HIGH
FireDrum Email Marketing <1.64 - XSS
CVSS 7.1
CVE-2025-31006 HIGH
arete-it Activity Reactions For Buddypress <1.0.22 - XSS
CVSS 7.1
CVE-2025-27354 HIGH
phil88530 Simple Email Subscriber <2.3 - XSS
CVSS 7.1
CVE-2025-27346 HIGH
gerrygooner Rebuild Permalinks <1.6 - XSS
CVSS 7.1
CVE-2025-27345 HIGH
Booking Ultra Pro <= 1.1.19 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-27343 HIGH
WooCommerce HTML5 Video <1.7.10 - XSS
CVSS 7.1
CVE-2025-27338 HIGH
List Urls <= 0.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-27337 HIGH
kontur Fontsampler <= 0.4.14 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-27333 HIGH
alvego Protected wp-login <2.1 - XSS
CVSS 7.1
CVE-2025-27324 HIGH
17TRACK for WooCommerce <1.2.10 - XSS
CVSS 7.1
CVE-2025-27322 HIGH
Bappa Mal QR Code for WooCommerce <1.2.0 - XSS
CVSS 7.1
CVE-2025-27319 HIGH
User List <= 1.5.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-27314 HIGH
Kush Micro News <= 1.6.7 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-27313 HIGH
Bernd Altmeier Google Maps GPX Viewer <3.6 - XSS
CVSS 7.1
CVE-2025-27309 HIGH
Jeannot Muller flickr-slideshow-wrapper <5.4.6 - XSS
CVSS 7.1
CVE-2025-27308 HIGH
cmstactics WP Video Posts <3.5.1 - XSS
CVSS 7.1
CVE-2025-27295 HIGH
Live css <= 1.3 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-27293 HIGH
Shipmozo Courier Tracking <1.0 - XSS
CVSS 7.1
CVE-2025-27292 HIGH
WPYog Documents <= 1.3.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-27291 HIGH
WordPress Photo Gallery - Image Gallery <= 2.0.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-27289 HIGH
Antoine Guillien Restrict Taxonomies <1.3.3 - XSS
CVSS 7.1
Details
Vulnerabilities 45,198
Exploit Likelihood High