CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,227 vulnerabilities with CWE-79
CVE-2025-26536 HIGH
Yendif Player Another Events Calendar <1.7.0 - XSS
CVSS 7.1
CVE-2025-25134 HIGH
Theme Demo Bar <= 1.6.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23964 HIGH
Google Plus <= 1.0.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23735 HIGH
Cosmin Schiopu Infugrator <1.0.3 - XSS
CVSS 7.1
CVE-2025-23728 HIGH
AuMenu <= 1.1.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23714 HIGH
AppReview <= 0.2.9 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23704 HIGH
Your Lightbox <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23680 HIGH
Narnoo Operator <= 2.0.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23666 HIGH
NotFound Management-screen-droptiles - XSS
CVSS 7.1
CVE-2025-23638 HIGH
NotFound Frontend Post Submission <1.0 - XSS
CVSS 7.1
CVE-2025-23633 HIGH
WP Database Audit <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23632 HIGH
Rhizome Networks CG Button <1.0.5.6 - XSS
CVSS 7.1
CVE-2025-23612 HIGH
Pixobe Cartography <= 1.0.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23546 HIGH
NotFound RDP inGroups+ <1.0.6 - XSS
CVSS 7.1
CVE-2025-23543 HIGH
FOMO Pay Chinese Payment Solution <= 2.0.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23542 HIGH
RDP Linkedin Login <= 1.7.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23466 HIGH
wpsiteeditor Site Editor Google Map <1.0.1 - XSS
CVSS 7.1
CVE-2025-23460 HIGH
NotFound RWS Enquiry And Lead Follow-up - XSS
CVSS 7.1
CVE-2025-23459 HIGH
NotFound NS Simple Intro Loader <2.2.3 - XSS
CVSS 7.1
CVE-2025-22283 HIGH
GetSocial <= 2.0.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-1312 MEDIUM
The Ultimate Blocks - WordPress Blocks Plugin <3.2.7 - XSS
CVSS 6.4
CVE-2025-1703 MEDIUM
WordPress Ultimate Blocks <3.2.7 - XSS
CVSS 6.4
CVE-2025-1439 MEDIUM
Advanced iFrame < 2024.5 - Authenticated Stored Cross-Site Scripting via Shortcode src Attribute
CVSS 6.4
CVE-2025-1437 MEDIUM
Advanced iFrame < 2025.3 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-2167 MEDIUM
WordPress Event post plugin <5.9.9 - XSS
CVSS 5.4
Details
Vulnerabilities 45,227
Exploit Likelihood High