CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,227 vulnerabilities with CWE-79
CVE-2025-26536
HIGH
Yendif Player Another Events Calendar <1.7.0 - XSS
CVSS 7.1
CVE-2025-25134
HIGH
Theme Demo Bar <= 1.6.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23964
HIGH
Google Plus <= 1.0.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23735
HIGH
Cosmin Schiopu Infugrator <1.0.3 - XSS
CVSS 7.1
CVE-2025-23728
HIGH
AuMenu <= 1.1.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23714
HIGH
AppReview <= 0.2.9 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23704
HIGH
Your Lightbox <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23680
HIGH
Narnoo Operator <= 2.0.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23666
HIGH
NotFound Management-screen-droptiles - XSS
CVSS 7.1
CVE-2025-23638
HIGH
NotFound Frontend Post Submission <1.0 - XSS
CVSS 7.1
CVE-2025-23633
HIGH
WP Database Audit <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23632
HIGH
Rhizome Networks CG Button <1.0.5.6 - XSS
CVSS 7.1
CVE-2025-23612
HIGH
Pixobe Cartography <= 1.0.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23546
HIGH
NotFound RDP inGroups+ <1.0.6 - XSS
CVSS 7.1
CVE-2025-23543
HIGH
FOMO Pay Chinese Payment Solution <= 2.0.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23542
HIGH
RDP Linkedin Login <= 1.7.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23466
HIGH
wpsiteeditor Site Editor Google Map <1.0.1 - XSS
CVSS 7.1
CVE-2025-23460
HIGH
NotFound RWS Enquiry And Lead Follow-up - XSS
CVSS 7.1
CVE-2025-23459
HIGH
NotFound NS Simple Intro Loader <2.2.3 - XSS
CVSS 7.1
CVE-2025-22283
HIGH
GetSocial <= 2.0.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-1312
MEDIUM
The Ultimate Blocks - WordPress Blocks Plugin <3.2.7 - XSS
CVSS 6.4
CVE-2025-1703
MEDIUM
WordPress Ultimate Blocks <3.2.7 - XSS
CVSS 6.4
CVE-2025-1439
MEDIUM
Advanced iFrame < 2024.5 - Authenticated Stored Cross-Site Scripting via Shortcode src Attribute
CVSS 6.4
CVE-2025-1437
MEDIUM
Advanced iFrame < 2025.3 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2025-2167
MEDIUM
WordPress Event post plugin <5.9.9 - XSS
CVSS 5.4
Details
Vulnerabilities
45,227
Exploit Likelihood
High