CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,278 vulnerabilities with CWE-79
CVE-2025-23857 HIGH
NotFound Essential WP Real Estate <1.1.3 - XSS
CVSS 7.1
CVE-2025-23853 HIGH
michelem NoFollow Free <1.6.3 - XSS
CVSS 7.1
CVE-2025-23851 HIGH
Coronavirus Outbreak Data Widgets <1.1.1 - XSS
CVSS 7.1
CVE-2025-23790 HIGH
wassereimer Easy Code Placement <18.11 - XSS
CVSS 7.1
CVE-2025-23789 HIGH
URL Shortener | Conversion Tracking | AB Testing | WooCommerce <= 9.0.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23788 HIGH
Easy Filter <= 1.10 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23787 HIGH
Easy Bet <= 1.0.7 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23786 HIGH
DuoGeek Email to Download <3.1.0 - XSS
CVSS 7.1
CVE-2025-23751 HIGH
Think201 Data Dash <= 1.2.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23750 HIGH
devbunchuk Custom Widget Creator <1.0.5 - XSS
CVSS 7.1
CVE-2025-23748 HIGH
Singsys -Awesome Gallery <1.0. - XSS
CVSS 7.1
CVE-2025-23742 HIGH
Podamibe Twilio Private Call <1.0.1 - XSS
CVSS 7.1
CVE-2025-23658 HIGH
Tauhidul Alam Advanced Angular Contact Form <1.1.0 - XSS
CVSS 7.1
CVE-2025-23657 HIGH
WordPress-to-candidate for Salesforce CRM <1.0.1 - XSS
CVSS 7.1
CVE-2025-23655 HIGH
Contact Form 7 - Paystack Addon <1.2.3 - XSS
CVSS 7.1
CVE-2025-23653 HIGH
Form To Online Booking <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23652 HIGH
Add custom content after post <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23651 HIGH
Scroll Top <= 1.3.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23650 HIGH
Tidy.ro <= 1.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23648 HIGH
AdsMiddle <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23647 HIGH
Ariagle WP-Clap <= 1.5 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23646 HIGH
Matt Brooks Library Instruction Recorder <1.1.4 - XSS
CVSS 7.1
CVE-2025-23598 HIGH
Recip.ly <= 1.1.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23571 HIGH
NotFound Internal Links Generator <3.51 - XSS
CVSS 7.1
CVE-2025-23568 HIGH
fredsted WP Login Attempt Log <1.3 - XSS
CVSS 7.1
Details
Vulnerabilities 45,278
Exploit Likelihood High