CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,227 vulnerabilities with CWE-79
CVE-2025-27267 HIGH
Random Quotes <= 1.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-27014 HIGH
Hostiko < 30.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-26929 MEDIUM
NOUS Ouvert Utile et Simple Accounting for WooCommerce <1.6.8 - XSS
CVSS 5.9
CVE-2025-26923 MEDIUM
Event post <= 5.9.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26922 MEDIUM
AuraMart <= 2.0.7 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26869 MEDIUM
Build < 1.0.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26747 MEDIUM
RainbowNews < 1.0.7 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26739 MEDIUM
themefunction newseqo <= 2.1.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26584 HIGH
NotFound TBTestimonials <1.7.3 - XSS
CVSS 7.1
CVE-2025-26583 HIGH
videowhisper Video Share VOD <2.7.2 - XSS
CVSS 7.1
CVE-2025-26581 HIGH
videowhisper Picture Gallery <1.6.2 - XSS
CVSS 7.1
CVE-2025-26579 HIGH
Videowhisper MicroPayments <3.1.6 - XSS
CVSS 7.1
CVE-2025-26576 HIGH
WP Simple Slideshow <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-26575 HIGH
Kyle Maurer Display Post Meta <2.4.4 - XSS
CVSS 7.1
CVE-2025-26573 HIGH
Rizzi Guestbook <= 4.0.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-26566 HIGH
In Stock Mailer for WooCommerce <= 2.1.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-26565 HIGH
kagla GNUPress <= 0.2.9 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-26564 HIGH
GNUCommerce <= 1.5.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-26560 HIGH
WP Contact Form III <= 1.6.2d - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-26559 MEDIUM
Secure Invites <= 1.3 - Reflected Cross-Site Scripting
CVSS 6.5
CVE-2025-26546 HIGH
Cookies Pro <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-26544 HIGH
UTM tags tracking for Contact Form 7 <= 2.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-26542 HIGH
Zalo Live Chat <= 1.1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-26541 HIGH
CodeSolz Bitcoin/AltCoin Payment Gateway <1.7.6 - XSS
CVSS 7.1
CVE-2025-26537 MEDIUM
GDPR Tools <= 1.0.2 - Stored Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities 45,227
Exploit Likelihood High