CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,256 vulnerabilities with CWE-79
CVE-2025-26947 MEDIUM
bPlugins Services Section <1.3.4 - XSS
CVSS 6.5
CVE-2025-26945 MEDIUM
bPlugins Info Cards - Gutenberg <1.0.5 - XSS
CVSS 6.5
CVE-2025-26939 MEDIUM
bPlugins Counters Block <1.1.2 - XSS
CVSS 6.5
CVE-2025-26938 MEDIUM
bPlugins Countdown Timer <1.2.6 - XSS
CVSS 6.5
CVE-2025-26937 MEDIUM
bPlugins Icon List Block <1.1.3 - XSS
CVSS 6.5
CVE-2025-26913 MEDIUM
AR For WordPress <= 7.7 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-26912 MEDIUM
HashThemes Easy Elementor Addons <2.1.6 - XSS
CVSS 6.5
CVE-2025-26907 HIGH
Estatik Mortgage Calculator <2.0.12 - XSS
CVSS 7.5
CVE-2025-26904 MEDIUM
WP Responsive Auto Fit Text <0.3 - XSS
CVSS 6.5
CVE-2025-26897 MEDIUM
Baden List Related Attachments <2.1.6 - XSS
CVSS 6.5
CVE-2025-26896 MEDIUM
PiwigoPress <= 2.33 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26893 MEDIUM
Kiran Potphode Easy Charts <1.2.3 - XSS
CVSS 6.5
CVE-2025-26891 MEDIUM
Ibtana <= 1.2.5.9 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26887 MEDIUM
EZ SQL Reports Shortcode Widget and DB Backup <= 5.21.35 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26884 MEDIUM
Greenshift Animation and Page Builder Blocks <= 10.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26882 MEDIUM
GhozyLab Popup Builder <1.1.33 - XSS
CVSS 6.5
CVE-2025-26881 MEDIUM
bPlugins Sticky Content <1.0.1 - XSS
CVSS 6.5
CVE-2025-26878 MEDIUM
patternsinthecloud Autoship Cloud <2.8.0.1 - XSS
CVSS 6.5
CVE-2025-26877 MEDIUM
Front End Users <= 3.2.30 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26868 HIGH
Fast Flow <= 1.2.16 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-26751 HIGH
Alphabetic Pagination <= 3.2.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-27145 LOW
copyparty < 1.16.15 - DOM-based Cross-Site Scripting via Drag-and-Drop File Upload
CVSS 3.6
CVE-2025-26530 HIGH
moodle 4.3.0-4.3.9 and 4.5.0-beta-4.5.1 - Reflected Cross-Site Scripting in Question Bank Filter
CVSS 8.3
CVE-2025-26529 HIGH
Moodle 4.1.0-4.1.15 and 4.5.0-beta-4.5.1 - Stored Cross-Site Scripting in Site Administration Live Log
CVSS 8.3
CVE-2025-26528 LOW
Moodle 4.1.0-4.1.15 and 4.5.0-beta-4.5.1 - Stored Cross-Site Scripting in Drag-and-Drop onto Image Question Type
CVSS 3.4
Details
Vulnerabilities 45,256
Exploit Likelihood High