CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,256 vulnerabilities with CWE-79
CVE-2025-26947
MEDIUM
bPlugins Services Section <1.3.4 - XSS
CVSS 6.5
CVE-2025-26945
MEDIUM
bPlugins Info Cards - Gutenberg <1.0.5 - XSS
CVSS 6.5
CVE-2025-26939
MEDIUM
bPlugins Counters Block <1.1.2 - XSS
CVSS 6.5
CVE-2025-26938
MEDIUM
bPlugins Countdown Timer <1.2.6 - XSS
CVSS 6.5
CVE-2025-26937
MEDIUM
bPlugins Icon List Block <1.1.3 - XSS
CVSS 6.5
CVE-2025-26913
MEDIUM
AR For WordPress <= 7.7 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-26912
MEDIUM
HashThemes Easy Elementor Addons <2.1.6 - XSS
CVSS 6.5
CVE-2025-26907
HIGH
Estatik Mortgage Calculator <2.0.12 - XSS
CVSS 7.5
CVE-2025-26904
MEDIUM
WP Responsive Auto Fit Text <0.3 - XSS
CVSS 6.5
CVE-2025-26897
MEDIUM
Baden List Related Attachments <2.1.6 - XSS
CVSS 6.5
CVE-2025-26896
MEDIUM
PiwigoPress <= 2.33 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26893
MEDIUM
Kiran Potphode Easy Charts <1.2.3 - XSS
CVSS 6.5
CVE-2025-26891
MEDIUM
Ibtana <= 1.2.5.9 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26887
MEDIUM
EZ SQL Reports Shortcode Widget and DB Backup <= 5.21.35 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26884
MEDIUM
Greenshift Animation and Page Builder Blocks <= 10.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26882
MEDIUM
GhozyLab Popup Builder <1.1.33 - XSS
CVSS 6.5
CVE-2025-26881
MEDIUM
bPlugins Sticky Content <1.0.1 - XSS
CVSS 6.5
CVE-2025-26878
MEDIUM
patternsinthecloud Autoship Cloud <2.8.0.1 - XSS
CVSS 6.5
CVE-2025-26877
MEDIUM
Front End Users <= 3.2.30 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26868
HIGH
Fast Flow <= 1.2.16 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-26751
HIGH
Alphabetic Pagination <= 3.2.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-27145
LOW
copyparty < 1.16.15 - DOM-based Cross-Site Scripting via Drag-and-Drop File Upload
CVSS 3.6
CVE-2025-26530
HIGH
moodle 4.3.0-4.3.9 and 4.5.0-beta-4.5.1 - Reflected Cross-Site Scripting in Question Bank Filter
CVSS 8.3
CVE-2025-26529
HIGH
Moodle 4.1.0-4.1.15 and 4.5.0-beta-4.5.1 - Stored Cross-Site Scripting in Site Administration Live Log
CVSS 8.3
CVE-2025-26528
LOW
Moodle 4.1.0-4.1.15 and 4.5.0-beta-4.5.1 - Stored Cross-Site Scripting in Drag-and-Drop onto Image Question Type
CVSS 3.4
Details
Vulnerabilities
45,256
Exploit Likelihood
High