CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,293 vulnerabilities with CWE-79
CVE-2025-23592 HIGH
dForms <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23589 HIGH
ContentOptin Lite <= 1.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23583 HIGH
Explara Membership <= 0.0.7 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23578 HIGH
NotFound Custom CSS Addons <1.9.1 - XSS
CVSS 7.1
CVE-2025-23548 HIGH
Bilal TAS Responsivity <0.0.7 - XSS
CVSS 7.1
CVE-2025-23535 HIGH
REAL WordPress Sidebar <= 0.1 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-23509 HIGH
HyperComments <= 0.9.6 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23507 HIGH
Blrt WP Embed <= 1.6.9 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23506 HIGH
WP IMAP Auth <= 4.0.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23503 HIGH
NotFound Customizable Captcha & Contact Us <1.0.2 - XSS
CVSS 7.1
CVE-2025-23500 HIGH
Simple Custom post type custom field <1.0.3 - XSS
CVSS 7.1
CVE-2025-23498 HIGH
Translation.Pro <= 1.0.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23495 HIGH
WooCommerce Order Search <1.1.0 - XSS
CVSS 7.1
CVE-2025-23475 HIGH
History timeline < 0.7.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23462 HIGH
FWD Slider <= 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23449 HIGH
Simple shortcode buttons <= 1.3.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22772 HIGH
Mapbox for WP Advanced <= 1.0.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-24459 MEDIUM
JetBrains TeamCity < 2024.12.1 - Reflected Cross-Site Scripting on Vault Connection Page
CVSS 4.6
CVE-2025-23994 HIGH
Estatebud - Properties & Listings <5.5.0 - XSS
CVSS 7.1
CVE-2025-23580 HIGH
Matthew BizLibrary <= 1.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23551 HIGH
SexBundle <= 1.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23489 HIGH
WP-Announcements <= 1.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23461 HIGH
Andrea Dotta, Jacopo Campani, di xkoll.com Social2Blog <0.2.990 - XSS
CVSS 7.1
CVE-2025-23454 HIGH
flashmaniac Nature FlipBook <1.7 - XSS
CVSS 7.1
CVE-2025-22661 MEDIUM
Online Payments - Get Paid with PayPal, Square & Stripe <= 3.20.0 - Stored Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities 45,293
Exploit Likelihood High