CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,293 vulnerabilities with CWE-79
CVE-2025-24729 MEDIUM
ElementInvader Addons for Elementor <= 1.3.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-24727 MEDIUM
Contact Form Email <= 1.3.52 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-24726 MEDIUM
HT Contact Form 7 <= 1.2.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-24723 MEDIUM
CodePeople Booking Calendar Contact Form <1.2.55 - XSS
CVSS 5.9
CVE-2025-24722 MEDIUM
F.A.Q Builder Team FAQ Builder AYS - XSS
CVSS 5.9
CVE-2025-24721 MEDIUM
Easy YouTube Gallery <= 1.0.4 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-24719 MEDIUM
wpdevart Widget Countdown <2.7.1 - XSS
CVSS 6.5
CVE-2025-24709 MEDIUM
Plethora Plugins Tabs + Accordions <1.1.5 - XSS
CVSS 6.5
CVE-2025-24706 MEDIUM
MultiVendorX WC Marketplace <4.2.13 - XSS
CVSS 6.5
CVE-2025-24704 MEDIUM
Sebastian Zaha Magic the Gathering Card Tooltips <3.4.0 - XSS
CVSS 6.5
CVE-2025-24702 MEDIUM
Xagio SEO <= 7.0.0.20 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-24687 MEDIUM
Lars Wallenborn Show/Hide Shortcode <1.0.0 - XSS
CVSS 6.5
CVE-2025-24681 MEDIUM
wpWax Product Carousel Slider & Grid Ultimate - XSS
CVSS 5.9
CVE-2025-24675 MEDIUM
osamaesh WP Visitor Statistics <7.2 - XSS
CVSS 6.5
CVE-2025-24674 MEDIUM
ShMapper by Teplitsa <= 1.5.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-24668 MEDIUM
Themeisle PPOM for WooCommerce - XSS
CVSS 5.9
CVE-2025-24666 MEDIUM
ThemeIsle AI Chatbot for WordPress - Hyve Lite <1.2.2 - XSS
CVSS 5.9
CVE-2025-24658 MEDIUM
Joe Hawes Auction Nudge - Your eBay on Your Site <7.2.0 - XSS
CVSS 5.9
CVE-2025-24657 MEDIUM
WebToffee Wishlist for WooCommerce <2.1.2 - XSS
CVSS 5.9
CVE-2025-24644 MEDIUM
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.7.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-24638 MEDIUM
Pete Dring Create with Code <1.4 - XSS
CVSS 6.5
CVE-2025-24634 MEDIUM
Orbisius Simple Notice <1.1.3 - XSS
CVSS 5.9
CVE-2025-24627 MEDIUM
Linnea Huxford Blur Text <1.0.0 - XSS
CVSS 6.5
CVE-2025-24610 MEDIUM
Christian Leuenberg, L.net Web Solutions Restrict Anonymous Access ...
CVSS 6.5
CVE-2025-24595 MEDIUM
bPlugins All Embed - Elementor Addons <1.1.3 - XSS
CVSS 6.5
Details
Vulnerabilities 45,293
Exploit Likelihood High