CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,217 vulnerabilities with CWE-79
CVE-2025-31735 MEDIUM
Footnotes for WordPress <= 2016.1230 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31734 MEDIUM
Syed Balkhi Simple Post Expiration <1.0.2 - XSS
CVSS 6.5
CVE-2025-31733 MEDIUM
WP Sitemap <= 1.0.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-31731 MEDIUM
Philip John Author Bio Shortcode <2.5.3 - XSS
CVSS 6.5
CVE-2025-31730 MEDIUM
DigitalCourt Marketer Addons <1.0.1 - XSS
CVSS 6.5
CVE-2025-31121 MEDIUM
OpenEMR < 7.0.3.1 - Stored Cross-Site Scripting via EXIF Title in Patient Image
CVSS 5.4
CVE-2025-30676 MEDIUM
Apache OFBiz < 18.12.19 - Cross-Site Scripting
CVSS 6.1
CVE-2025-2906 MEDIUM
Contempo Real Estate Core <3.6.3 - XSS
CVSS 6.4
CVE-2025-1512 MEDIUM
PowerPack Elementor Addons <2.9.0 - XSS
CVSS 6.4
CVE-2025-1267 MEDIUM
Groundhogg <3.7.4.1 - XSS
CVSS 5.5
CVE-2025-31409 MEDIUM
Bridge Core < 3.3.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-30924 HIGH
Primer MyData for Woocommerce - XSS
CVSS 7.1
CVE-2025-30917 HIGH
SKU Generator for WooCommerce <= 1.6.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-30902 HIGH
ATL Software SRL AEC Kiosque <1.9.3 - XSS
CVSS 7.1
CVE-2025-30869 HIGH
Parakoos Image Wall <= 3.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-30848 HIGH
Bob Hostel <= 1.1.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-30840 HIGH
Michel - xiligroup dev xili-dictionary <2.12.5 - XSS
CVSS 7.1
CVE-2025-30837 HIGH
Cristiano Zanca WooCommerce Fattureincloud <2.6.7 - XSS
CVSS 7.1
CVE-2025-30827 HIGH
Saleswonder Team Tobias WP2LEADS - XSS
CVSS 7.1
CVE-2025-30808 HIGH
About Author <= 1.6.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-30798 HIGH
rickonline_nl Better WishList API <1.1.4 - XSS
CVSS 7.1
CVE-2025-30796 HIGH
The Ultimate WordPress Toolkit - WP Extended <= 3.0.14 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-30794 HIGH
The Events Calendar Event Tickets <5.20.0 - XSS
CVSS 7.1
CVE-2025-30614 HIGH
Google Font Fix <= 2.3.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-30613 MEDIUM
Nmedia MailChimp <= 5.4 - Stored Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities 45,217
Exploit Likelihood High