CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,293 vulnerabilities with CWE-79
CVE-2025-23894 HIGH
Tatsuya Fukata, Alexander Ovsov wp-flickr-press <2.6.4 - XSS
CVSS 7.1
CVE-2025-23836 HIGH
SuryaBhan Custom Coming Soon <2.2 - XSS
CVSS 7.1
CVE-2025-23835 HIGH
Legal + < 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23834 HIGH
NotFound Links/Problem Reporter <2.6.0 - XSS
CVSS 7.1
CVE-2025-23733 HIGH
sayocode SC Simple Zazzle <1.1.6 - XSS
CVSS 7.1
CVE-2025-23730 HIGH
NotFound FLX Dashboard Groups <0.0.8 - XSS
CVSS 7.1
CVE-2025-23729 HIGH
XTRA Settings <= 2.1.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23727 HIGH
AZ Content Finder <= 0.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23725 HIGH
TaskMeister Accessibility Task Manager <1.2.1 - XSS
CVSS 7.1
CVE-2025-23724 HIGH
University Quizzes Online <1.4 - XSS
CVSS 7.1
CVE-2025-23723 HIGH
Plestar Directory Listing <1.0 - XSS
CVSS 7.1
CVE-2025-23722 HIGH
Mind3doM RyeBread Widgets <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23636 HIGH
Dimitar Atanasov My Favorite Car <1.0 - XSS
CVSS 7.1
CVE-2025-23634 HIGH
Youtube Video Grid <= 1.9 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23629 HIGH
Subhasis Laha Gallerio <1.0.1 - XSS
CVSS 7.1
CVE-2025-23628 HIGH
GeoDigs <= 3.4.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23626 HIGH
Kumihimo <= 1.0.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23624 HIGH
Alessandro Benoit WpDevTool <0.1.1 - XSS
CVSS 7.1
CVE-2025-23545 HIGH
Navnish Bhardwaj WP Social Broadcast - XSS
CVSS 7.1
CVE-2025-23544 HIGH
StatPressCN <= 1.9.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23541 HIGH
edmon Download, Downloads <= 1.4.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23540 HIGH
Mohsin Khan WP Front-end <2.1.0 - XSS
CVSS 7.1
CVE-2025-22264 HIGH
WP Query Creator <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-24530 MEDIUM
phpMyAdmin 5.0.0-5.2.1 - Stored Cross-Site Scripting via Crafted Table or Database Name
CVSS 6.4
CVE-2025-24529 MEDIUM
phpMyAdmin 5.0.0-5.2.1 - Stored Cross-Site Scripting in Insert Tab
CVSS 6.4
Details
Vulnerabilities 45,293
Exploit Likelihood High