CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,278 vulnerabilities with CWE-79
CVE-2025-0981
MEDIUM
ChurchCRM < 5.13.0 - Stored Cross-Site Scripting in Group Editor Description Field
CVSS 6.1
CVE-2025-0864
MEDIUM
Active Products Tables for WooCommerce < 1.0.6.6 - Reflected XSS via shortcodes_set
CVSS 6.1
CVE-2025-0805
MEDIUM
WordPress Loan Calculator <1.5.20 - XSS
CVSS 6.4
CVE-2025-1392
LOW
D-Link DIR-816 1.01TO - Cross-Site Scripting via SSID Parameter
CVSS 3.5
CVE-2025-26778
MEDIUM
Jordy Meow Gallery <= 2.2.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-26775
MEDIUM
BEAR - WooCommerce Bulk Editor and Products Manager Professional < 1.1.4.5 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-26772
MEDIUM
DethemeKit For Elementor <= 2.1.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26771
MEDIUM
SKT Blocks <= 1.7 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26770
MEDIUM
Joe Waymark <= 1.5.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26769
MEDIUM
Webilia Inc. Vertex Addons for Elementor <1.2.0 - XSS
CVSS 6.5
CVE-2025-26754
MEDIUM
bPlugins Timeline Block <1.1.1 - XSS
CVSS 6.5
CVE-2025-23845
HIGH
ERA404 ImageMeta <= 1.1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23840
HIGH
WP-NOTCAPTCHA <= 1.3.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-0924
HIGH
WP Activity Log <= 5.2.2 - Unauthenticated Stored Cross-Site Scripting via Message Parameter
CVSS 7.2
CVE-2025-26767
MEDIUM
Themeum Qubely <= 1.8.12 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26766
MEDIUM
Leyka <= 3.31.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-26761
MEDIUM
HashThemes Easy Elementor Addons <2.1.5 - XSS
CVSS 6.5
CVE-2025-23975
MEDIUM
NotFound Botnet Attack Blocker - XSS
CVSS 6.5
CVE-2025-22689
MEDIUM
Levan Tarbor Forex Calculators <1.3.6 - XSS
CVSS 6.5
CVE-2025-22680
HIGH
NotFound Ad Inserter Pro <2.7.39 - XSS
CVSS 7.1
CVE-2025-22676
MEDIUM
AWS S3 for WordPress Plugin - Upcasted <3.0.3 - XSS
CVSS 6.5
CVE-2025-22286
HIGH
enituretechnology LTL Freight Quotes - Worldwide Express Edition <5...
CVSS 7.1
CVE-2025-22284
HIGH
LTL Freight Quotes - Unishippers Edition <= 2.5.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-1360
LOW
Internet Web Solutions Sublime CRM <20250207 - XSS
CVSS 3.5
CVE-2025-1359
MEDIUM
SIAM 2.0 - Cross-Site Scripting via /qrcode.jsp URL Parameter
CVSS 4.3
Details
Vulnerabilities
45,278
Exploit Likelihood
High