CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,227 vulnerabilities with CWE-79
CVE-2025-30860 MEDIUM
Jory Hogeveen Slidebars <0.5.8.2 - XSS
CVSS 6.5
CVE-2025-30850 MEDIUM
Dr. Flex <= 2.0.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-30847 MEDIUM
Ashley Novelist <= 1.2.3 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-30838 MEDIUM
Cozy Blocks <= 2.1.6 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-30836 MEDIUM
LatePoint <= 5.1.6 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-30832 MEDIUM
Themify Event Post <= 1.3.2 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-30826 MEDIUM
Pierre Lannoy IP Locator <4.1.0 - XSS
CVSS 6.5
CVE-2025-30818 MEDIUM
jAlbum Bridge <= 2.0.17 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-30813 MEDIUM
Listamester <= 2.3.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-30812 MEDIUM
sonalsinha21 SKT Addons for Elementor <3.5 - XSS
CVSS 6.5
CVE-2025-30800 MEDIUM
Gum Elementor Addon <= 1.3.10 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-30799 MEDIUM
Pagup WP Google Street View <1.1.5 - XSS
CVSS 5.9
CVE-2025-30792 MEDIUM
Zumbo Comment Approved Notifier Extended <5.2 - XSS
CVSS 5.9
CVE-2025-30789 MEDIUM
Clearout Email Validator <3.2.0 - XSS
CVSS 5.9
CVE-2025-30786 MEDIUM
Quotes llama <= 3.1.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-30780 MEDIUM
cubecolour Audio Album <1.5.0 - XSS
CVSS 6.5
CVE-2025-30779 MEDIUM
Nick Doneren met Mollie <2.10.7 - XSS
CVSS 6.5
CVE-2025-30776 MEDIUM
webvitaly Sitekit <= 1.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-30771 MEDIUM
Alain-Aymerick FRANCOIS WP Cassify <2.3.5 - XSS
CVSS 6.5
CVE-2025-30770 MEDIUM
Syed Balkhi Charitable <1.8.4.7 - XSS
CVSS 6.5
CVE-2025-30768 MEDIUM
jAlbum Bridge <= 2.0.18 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-30766 MEDIUM
Happy Addons for Elementor <3.16.2 - XSS
CVSS 6.5
CVE-2025-30763 MEDIUM
Olaf Lederer EO4WP <1.0.8.4 - XSS
CVSS 6.5
CVE-2025-2685 MEDIUM
TablePress - WordPress <3.0.4 - XSS
CVSS 6.4
CVE-2025-31165 MEDIUM
NightWolf Penetration Testing Platform 1.2.2 - XSS
Details
Vulnerabilities 45,227
Exploit Likelihood High