CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,198 vulnerabilities with CWE-79
CVE-2025-39577
MEDIUM
PropertyHive <= 2.1.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-39576
MEDIUM
WPAdverts <= 2.2.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-39575
MEDIUM
WPCasa <= 1.3.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-39574
MEDIUM
UIUX Lab Uix Shortcodes <2.0.4 - XSS
CVSS 6.5
CVE-2025-39573
MEDIUM
teastudio.pl WP Posts Carousel <1.3.10 - XSS
CVSS 6.5
CVE-2025-39572
MEDIUM
Noor Alam Checkout for PayPal <1.0.38 - XSS
CVSS 6.5
CVE-2025-39555
MEDIUM
andy_moyle Church Admin <5.0.23 - XSS
CVSS 6.5
CVE-2025-39549
MEDIUM
whiletrue Most And Least Read Posts Widget <2.5.20 - XSS
CVSS 6.5
CVE-2025-39543
MEDIUM
WP Royal Royal Elementor Addons <1.3.977 - XSS
CVSS 6.5
CVE-2025-39540
MEDIUM
WP Flipclock <= 1.9.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-39529
MEDIUM
Robin Cornett Scriptless Social Sharing <3.2.4 - XSS
CVSS 6.5
CVE-2025-39528
MEDIUM
Rescue Shortcodes <= 3.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-39525
MEDIUM
wpWax Logo Carousel Slider <2.1.3 - XSS
CVSS 6.5
CVE-2025-39520
MEDIUM
WP Wham Checkout Files Upload for WooCommerce <2.2.0 - XSS
CVSS 6.5
CVE-2025-39516
MEDIUM
Author WIP Progress Bar <= 1.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-39515
MEDIUM
tnomi Attendance Manager <0.6.2 - XSS
CVSS 6.5
CVE-2025-39514
MEDIUM
Asgaros Forum <= 3.2.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-1983
MEDIUM
Symfonia Ready_ 7.0.0.0-7.19.39.23 and 8.0.0.0-8.0.2.2 - Stored Cross-Site Scripting via File Explorer Upload Filename
CVE-2025-3688
LOW
Seven Bears Library CMS 2023 - Cross-Site Scripting in Background Management Page
CVSS 2.4
CVE-2025-3077
MEDIUM
Betheme <= 28.0.3 - Authenticated Stored Cross-Site Scripting via Button Shortcode and Custom CSS Field
CVSS 6.4
CVE-2025-2314
MEDIUM
User Profile Builder < 3.13.6 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-32388
MEDIUM
SvelteKit 2.0.0-2.20.5 - Cross-Site Scripting via Unsanitized Search Param Names
CVSS 5.4
CVE-2025-32923
HIGH
GoodLayers Tourmaster < 5.4.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-30984
HIGH
SEO Tools <= 4.0.7 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-30982
MEDIUM
zookatron MyBookProgress <1.0.8 - XSS
CVSS 6.5
Details
Vulnerabilities
45,198
Exploit Likelihood
High