CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,217 vulnerabilities with CWE-79
CVE-2025-31735
MEDIUM
Footnotes for WordPress <= 2016.1230 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31734
MEDIUM
Syed Balkhi Simple Post Expiration <1.0.2 - XSS
CVSS 6.5
CVE-2025-31733
MEDIUM
WP Sitemap <= 1.0.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31731
MEDIUM
Philip John Author Bio Shortcode <2.5.3 - XSS
CVSS 6.5
CVE-2025-31730
MEDIUM
DigitalCourt Marketer Addons <1.0.1 - XSS
CVSS 6.5
CVE-2025-31121
MEDIUM
OpenEMR < 7.0.3.1 - Stored Cross-Site Scripting via EXIF Title in Patient Image
CVSS 5.4
CVE-2025-30676
MEDIUM
Apache OFBiz < 18.12.19 - Cross-Site Scripting
CVSS 6.1
CVE-2025-2906
MEDIUM
Contempo Real Estate Core <3.6.3 - XSS
CVSS 6.4
CVE-2025-1512
MEDIUM
PowerPack Elementor Addons <2.9.0 - XSS
CVSS 6.4
CVE-2025-1267
MEDIUM
Groundhogg <3.7.4.1 - XSS
CVSS 5.5
CVE-2025-31409
MEDIUM
Bridge Core < 3.3.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-30924
HIGH
Primer MyData for Woocommerce - XSS
CVSS 7.1
CVE-2025-30917
HIGH
SKU Generator for WooCommerce <= 1.6.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-30902
HIGH
ATL Software SRL AEC Kiosque <1.9.3 - XSS
CVSS 7.1
CVE-2025-30869
HIGH
Parakoos Image Wall <= 3.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-30848
HIGH
Bob Hostel <= 1.1.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-30840
HIGH
Michel - xiligroup dev xili-dictionary <2.12.5 - XSS
CVSS 7.1
CVE-2025-30837
HIGH
Cristiano Zanca WooCommerce Fattureincloud <2.6.7 - XSS
CVSS 7.1
CVE-2025-30827
HIGH
Saleswonder Team Tobias WP2LEADS - XSS
CVSS 7.1
CVE-2025-30808
HIGH
About Author <= 1.6.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-30798
HIGH
rickonline_nl Better WishList API <1.1.4 - XSS
CVSS 7.1
CVE-2025-30796
HIGH
The Ultimate WordPress Toolkit - WP Extended <= 3.0.14 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-30794
HIGH
The Events Calendar Event Tickets <5.20.0 - XSS
CVSS 7.1
CVE-2025-30614
HIGH
Google Font Fix <= 2.3.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-30613
MEDIUM
Nmedia MailChimp <= 5.4 - Stored Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities
45,217
Exploit Likelihood
High