CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,211 vulnerabilities with CWE-79
CVE-2025-31563 HIGH
Vimal Kava AI Search Bar <1.3 - XSS
CVSS 7.1
CVE-2025-31548 HIGH
M. Tuhin Ultimate Push Notifications <1.1.8 - XSS
CVSS 7.1
CVE-2025-31537 HIGH
madfishdigital Bulk NoIndex & NoFollow Toolkit - XSS
CVSS 7.1
CVE-2025-31462 HIGH
rzfarrell CGM Event Calendar <0.8.5 - XSS
CVSS 7.1
CVE-2025-31461 HIGH
NanoSupport <= 0.6.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31455 HIGH
Limit Max IPs Per User <= 1.5 - DOM-Based Cross-Site Scripting
CVSS 7.1
CVE-2025-31454 HIGH
NotFound Delete Post Revision - XSS
CVSS 7.1
CVE-2025-31446 HIGH
WP Cleaner <= 1.1.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31445 HIGH
Pages Order <= 1.1.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31441 HIGH
WordPress Galleria <= 1.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31431 HIGH
WP Bookmarks <= 1.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-31086 HIGH
Nick McReynolds Product Table <2.1.4 - XSS
CVSS 7.1
CVE-2025-31085 HIGH
Michel - xiligroup dev xili-language <2.21.2 - XSS
CVSS 7.1
CVE-2025-31081 HIGH
ShortPixel Enable Media Replace <4.1.5 - XSS
CVSS 7.1
CVE-2025-31080 HIGH
Link Software LLC HTML Forms <1.5.1 - XSS
CVSS 7.1
CVE-2025-31078 HIGH
enuiretechnology Small Package Quotes - Worldwide Express Edition <...
CVSS 7.1
CVE-2025-30913 HIGH
podpirate Access Areas <1.5.19 - XSS
CVSS 7.1
CVE-2025-30906 HIGH
Coffee Code Tech Plugin Oficial - WooCommerce <1.7.3 - XSS
CVSS 7.1
CVE-2025-30905 HIGH
Ays Pro Secure Copy Content Protection & Locking <4.4.3 - XSS
CVSS 7.1
CVE-2025-30852 HIGH
Oracle Cards Lite <= 1.2.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-30844 HIGH
Watu Quiz <= 3.4.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-30778 HIGH
VForm <= 3.1.9 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-30554 HIGH
Frizzly <= 1.1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-29049 MEDIUM
mathlive < 0.104.0 - Cross-Site Scripting via MathLive Function
CVSS 6.3
CVE-2025-26054 MEDIUM
Infinxt iEdge 100 2.1.32 - Cross-Site Scripting via LAN Description Field
CVSS 5.4
Details
Vulnerabilities 45,211
Exploit Likelihood High