CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,256 vulnerabilities with CWE-79
CVE-2025-25460
MEDIUM
FlatPress 1.3.1 - Authenticated Stored Cross-Site Scripting in Add Entry TextArea Field
CVSS 4.8
CVE-2025-27352
HIGH
wumii team - Cross-Site Scripting
CVSS 7.1
CVE-2025-27351
MEDIUM
Local Search SEO Contact Page <= 4.0.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-27349
MEDIUM
nurelm Get Posts <= 0.6 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-27348
MEDIUM
WP Social SEO Booster - Knowledge Graph Social Signals SEO <= 1.2.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-27347
MEDIUM
techmix Direct Checkout Button for WooCommerce - XSS
CVSS 6.5
CVE-2025-27341
MEDIUM
afzal_du Reactive Mortgage Calculator <1.1 - XSS
CVSS 6.5
CVE-2025-27331
MEDIUM
WooCommerce Display Products by Tags <1.0.0 - XSS
CVSS 6.5
CVE-2025-27330
MEDIUM
PlayerJS <= 2.23 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-27329
MEDIUM
inlinkz EZ InLinkz linkup <0.18 - XSS
CVSS 6.5
CVE-2025-27327
MEDIUM
Winlin Live Streaming Video Player - XSS
CVSS 6.5
CVE-2025-27325
MEDIUM
Bruce Video.js HLS Player <= 1.0.2 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-27323
MEDIUM
Jon Bishop WP About Author <1.5 - XSS
CVSS 6.5
CVE-2025-27320
MEDIUM
Pankaj Mondal Profile Widget Ninja <4.3 - XSS
CVSS 6.5
CVE-2025-27307
MEDIUM
Quotes llama <= 3.0.1 - Reflected Cross-Site Scripting
CVSS 6.5
CVE-2025-27306
MEDIUM
Pathomation <= 2.5.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-27305
MEDIUM
Achal Jain Table of Contents Block <1.0.2 - XSS
CVSS 6.5
CVE-2025-27304
MEDIUM
Contact Form 7 Star Rating with font Awesome - XSS
CVSS 5.9
CVE-2025-27303
MEDIUM
Contact Form 7 Star Rating <1.10 - XSS
CVSS 5.9
CVE-2025-27280
MEDIUM
Alobaidi Archive Page <= 1.0.2 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-27266
MEDIUM
Ignacio Perez Hover Image Button <1.1.2 - XSS
CVSS 6.5
CVE-2025-27265
MEDIUM
Google Maps for WordPress <1.0.3 - XSS
CVSS 6.5
CVE-2025-0545
MEDIUM
Tekrom Technology T-Soft E-Commerce <5 - XSS
CVSS 4.7
CVE-2025-1618
MEDIUM
vtiger CRM 6.4.0-6.5.0 - Cross-Site Scripting via _operation Parameter
CVSS 4.3
CVE-2025-1617
LOW
Netis WF2780 2.1.41925 - Cross-Site Scripting via Wireless 2.4G Menu SSID Parameter
CVSS 2.4
Details
Vulnerabilities
45,256
Exploit Likelihood
High