CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,287 vulnerabilities with CWE-79
CVE-2025-23754
HIGH
The Loops <= 1.0.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23752
HIGH
NotFound CGD Arrange Terms <1.1.3 - XSS
CVSS 7.1
CVE-2025-23669
MEDIUM
Nurul Amin, Mohammad Saiful Islam WP Smart Tooltip <1.0.0 - XSS
CVSS 6.5
CVE-2025-23574
HIGH
CubePM <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23531
HIGH
RSVPMaker Volunteer Roles <1.5.1 - XSS
CVSS 7.1
CVE-2025-23792
HIGH
Passwordless WP - Login with your glance or fingerprint <= 1.1.6 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23457
HIGH
Shipdeo <= 1.2.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22513
HIGH
NotFound Simple Locator <2.0.4 - XSS
CVSS 7.1
CVE-2025-0721
MEDIUM
needyamin image_gallery 1.0 - Cross-Site Scripting via Username Parameter in view.php
CVSS 4.3
CVE-2025-0350
MEDIUM
Divi Carousel Maker < 2.1.0 - Authenticated Stored XSS via Image and Logo Attributes
CVSS 6.4
CVE-2025-0710
LOW
CampCodes School Management Software 1.0 - XSS
CVSS 3.5
CVE-2025-0709
LOW
Dcat-Admin 2.2.1-beta - Cross-Site Scripting in Roles Page
CVSS 2.4
CVE-2025-0708
LOW
fumiao opencms 2.2 - Cross-Site Scripting via Add Model Management Page Template Prefix
CVSS 3.5
CVE-2025-0706
LOW
JoeyBling bootplus <247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d - XSS
CVSS 2.4
CVE-2025-24755
MEDIUM
add-ons.org PDF Invoices for WooCommerce + Drag and Drop Template B...
CVSS 6.5
CVE-2025-24746
MEDIUM
Popup Maker <= 1.20.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-24732
MEDIUM
BookingPress <= 1.1.25 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-24731
MEDIUM
IP2Location Country Blocker <= 2.38.3 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-24730
MEDIUM
RexTheme WP VR <= 8.5.14 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-24729
MEDIUM
ElementInvader Addons for Elementor <= 1.3.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-24727
MEDIUM
Contact Form Email <= 1.3.52 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-24726
MEDIUM
HT Contact Form 7 <= 1.2.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-24723
MEDIUM
CodePeople Booking Calendar Contact Form <1.2.55 - XSS
CVSS 5.9
CVE-2025-24722
MEDIUM
F.A.Q Builder Team FAQ Builder AYS - XSS
CVSS 5.9
CVE-2025-24721
MEDIUM
Easy YouTube Gallery <= 1.0.4 - Stored Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities
45,287
Exploit Likelihood
High