CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,198 vulnerabilities with CWE-79
CVE-2025-32427
MEDIUM
Formie < 2.1.44 - Cross-Site Scripting in Form Import Preview
CVSS 5.4
CVE-2025-32426
MEDIUM
Formie < 2.1.44 - Stored Cross-Site Scripting in Email Notification Preview
CVSS 4.6
CVE-2025-3421
MEDIUM
Everest Forms < 3.1.1 - Unauthenticated Reflected Cross-Site Scripting via form_id Parameter
CVSS 6.1
CVE-2025-2575
MEDIUM
Z Companion <= 1.1.1 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2025-2541
MEDIUM
WP Project Manager < 2.6.23 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2025-3434
HIGH
SMTP for Amazon SES - YaySMTP <= 1.8 - Unauthenticated Stored Cross-Site Scripting via Email Logs
CVSS 7.2
CVE-2025-32632
HIGH
KaizenCoders Automatic Ban IP <1.0.7 - XSS
CVSS 7.1
CVE-2025-32601
HIGH
Twispay Credit Card Payments <2.1.2 - XSS
CVSS 7.1
CVE-2025-32600
HIGH
Tournamatch <= 4.7.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-32599
HIGH
miunosoft Task Scheduler <1.6.3 - XSS
CVSS 7.1
CVE-2025-32598
HIGH
WP Table Builder <= 2.0.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-32586
HIGH
ABA PayWay Payment Gateway <2.1.3 - XSS
CVSS 7.1
CVE-2025-32553
HIGH
Magnigenie RestroPress <3.1.8.4 - XSS
CVSS 7.1
CVE-2025-32551
HIGH
Jaap Jansma Connector to CiviCRM <1.0.8 - XSS
CVSS 7.1
CVE-2025-32541
HIGH
WooCommerce Sales MIS Report <4.0.3 - XSS
CVSS 7.1
CVE-2025-32539
HIGH
WooCommerce - Store Exporter <2.7.4 - XSS
CVSS 7.1
CVE-2025-32538
HIGH
dev02ali Easy Post Duplicator <1.0.1 - XSS
CVSS 7.1
CVE-2025-32537
HIGH
Rachel Cherry Lock Your Updates <1.1 - XSS
CVSS 7.1
CVE-2025-32536
HIGH
Sandeep Verma HTML5 Video Player <2.50 - XSS
CVSS 7.1
CVE-2025-32534
HIGH
Workbox Video from Vimeo & Youtube <= 3.2.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-32525
HIGH
Interactive Geo Maps <= 1.6.24 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-32524
HIGH
MyWorks WooCommerce Sync <2.9.1 - XSS
CVSS 7.1
CVE-2025-32523
HIGH
Payphone WooCommerce - Payphone Gateway <3.2.0 - XSS
CVSS 7.1
CVE-2025-32517
HIGH
SCAND MultiMailer <= 1.0.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31379
HIGH
Insert HTML Here <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
Details
Vulnerabilities
45,198
Exploit Likelihood
High