CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,211 vulnerabilities with CWE-79
CVE-2025-31897 MEDIUM
Arrow Custom Feed for Twitter <1.5.3 - XSS
CVSS 6.5
CVE-2025-31895 MEDIUM
paulrosen ABC Notation <6.1.3 - XSS
CVSS 6.5
CVE-2025-31894 MEDIUM
Ebook Downloader <= 1.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31892 MEDIUM
Themeum WP Crowdfunding <2.1.13 - XSS
CVSS 6.5
CVE-2025-31891 MEDIUM
Gosign - Posts Slider Block <1.1.0 - XSS
CVSS 6.5
CVE-2025-31890 MEDIUM
Simple Map No Api <= 1.9 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31885 MEDIUM
Daniel Floeter Hyperlink Group Block <2.0.1 - XSS
CVSS 6.5
CVE-2025-31884 MEDIUM
WP CMS Ninja Norse Rune Oracle Plugin <1.4.3 - XSS
CVSS 6.5
CVE-2025-31883 MEDIUM
WPWebinarSystem WebinarPress <1.33.27 - XSS
CVSS 5.9
CVE-2025-31875 MEDIUM
FancyPost <= 6.0.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-31874 MEDIUM
WebberZone Snippetz <= 2.1.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31873 MEDIUM
SheetDB <= 1.3.4 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31869 MEDIUM
Modernaweb Studio Black Widgets For Elementor <1.3.9 - XSS
CVSS 6.5
CVE-2025-31864 MEDIUM
Beam me up Scotty - Back to Top Button <= 1.0.23 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-31861 MEDIUM
WPOrbit Support Perfect Font Awesome Integration <2.2 - XSS
CVSS 6.5
CVE-2025-31860 MEDIUM
WP AdCenter <= 2.5.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31857 MEDIUM
Directorist AddonsKit for Elementor <= 1.1.6 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31855 MEDIUM
SMM API <= 6.0.31 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31853 MEDIUM
Erez Hadas-Sonnenschein Smartarget Popup <1.4 - XSS
CVSS 5.9
CVE-2025-31851 MEDIUM
Beds24 Online Booking <2.0.26 - XSS
CVSS 6.5
CVE-2025-31850 MEDIUM
RedefiningTheWeb PDF Generator Addon - XSS
CVSS 6.5
CVE-2025-31849 MEDIUM
fbtemplates Nemesis All-in-One <1.1.0 - XSS
CVSS 6.5
CVE-2025-31847 MEDIUM
mFolio Lite <= 1.2.3 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-31844 MEDIUM
Noor Alam Magical Blocks <1.0.10 - XSS
CVSS 6.5
CVE-2025-31838 MEDIUM
Eventbee RSVP Widget <= 1.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities 45,211
Exploit Likelihood High