CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,278 vulnerabilities with CWE-79
CVE-2025-0981 MEDIUM
ChurchCRM < 5.13.0 - Stored Cross-Site Scripting in Group Editor Description Field
CVSS 6.1
CVE-2025-0864 MEDIUM
Active Products Tables for WooCommerce < 1.0.6.6 - Reflected XSS via shortcodes_set
CVSS 6.1
CVE-2025-0805 MEDIUM
WordPress Loan Calculator <1.5.20 - XSS
CVSS 6.4
CVE-2025-1392 LOW
D-Link DIR-816 1.01TO - Cross-Site Scripting via SSID Parameter
CVSS 3.5
CVE-2025-26778 MEDIUM
Jordy Meow Gallery <= 2.2.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-26775 MEDIUM
BEAR - WooCommerce Bulk Editor and Products Manager Professional < 1.1.4.5 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-26772 MEDIUM
DethemeKit For Elementor <= 2.1.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26771 MEDIUM
SKT Blocks <= 1.7 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26770 MEDIUM
Joe Waymark <= 1.5.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26769 MEDIUM
Webilia Inc. Vertex Addons for Elementor <1.2.0 - XSS
CVSS 6.5
CVE-2025-26754 MEDIUM
bPlugins Timeline Block <1.1.1 - XSS
CVSS 6.5
CVE-2025-23845 HIGH
ERA404 ImageMeta <= 1.1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23840 HIGH
WP-NOTCAPTCHA <= 1.3.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-0924 HIGH
WP Activity Log <= 5.2.2 - Unauthenticated Stored Cross-Site Scripting via Message Parameter
CVSS 7.2
CVE-2025-26767 MEDIUM
Themeum Qubely <= 1.8.12 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26766 MEDIUM
Leyka <= 3.31.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26761 MEDIUM
HashThemes Easy Elementor Addons <2.1.5 - XSS
CVSS 6.5
CVE-2025-23975 MEDIUM
NotFound Botnet Attack Blocker - XSS
CVSS 6.5
CVE-2025-22689 MEDIUM
Levan Tarbor Forex Calculators <1.3.6 - XSS
CVSS 6.5
CVE-2025-22680 HIGH
NotFound Ad Inserter Pro <2.7.39 - XSS
CVSS 7.1
CVE-2025-22676 MEDIUM
AWS S3 for WordPress Plugin - Upcasted <3.0.3 - XSS
CVSS 6.5
CVE-2025-22286 HIGH
enituretechnology LTL Freight Quotes - Worldwide Express Edition <5...
CVSS 7.1
CVE-2025-22284 HIGH
LTL Freight Quotes - Unishippers Edition <= 2.5.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-1360 LOW
Internet Web Solutions Sublime CRM <20250207 - XSS
CVSS 3.5
CVE-2025-1359 MEDIUM
SIAM 2.0 - Cross-Site Scripting via /qrcode.jsp URL Parameter
CVSS 4.3
Details
Vulnerabilities 45,278
Exploit Likelihood High