CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,293 vulnerabilities with CWE-79
CVE-2025-23936 MEDIUM
CC Circle Progress Bar <= 1.0.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23935 MEDIUM
Magic Google Maps <= 1.0.4 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23934 MEDIUM
Giveaways and Contests by PromoSimple <= 1.24 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23933 MEDIUM
WpFreeware WpF Ultimate Carousel <1.0.11 - XSS
CVSS 6.5
CVE-2025-23928 MEDIUM
Aleksandar Arsovski Google Org Chart <1.0.1 - XSS
CVSS 6.5
CVE-2025-23927 MEDIUM
Massimo Serpilli Incredible Font Awesome - XSS
CVSS 6.5
CVE-2025-23926 MEDIUM
TC Ajax WP Query Search Filter <1.0.8 - XSS
CVSS 6.5
CVE-2025-23925 MEDIUM
Feedburner Optin Form <= 0.2.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23924 MEDIUM
WP Photo Sphere <= 3.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23909 MEDIUM
Common Ninja Compare Ninja <2.1.0 - XSS
CVSS 6.5
CVE-2025-23908 MEDIUM
Pastebin <= 1.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23907 MEDIUM
SOCIAL.NINJA <= 0.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23899 MEDIUM
Bookalet <= 1.0.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23897 MEDIUM
ApplyMetrics Apply - LinkedIn Buttons <2.3 - XSS
CVSS 6.5
CVE-2025-23896 MEDIUM
Oncle Tom Mindmeister Shortcode <1.0 - XSS
CVSS 6.5
CVE-2025-23893 MEDIUM
GMap Shortcode <= 2.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-23892 MEDIUM
Progress Tracker <= 0.9.3 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-23891 MEDIUM
Vincent Loy Yet Another Countdown <1.0.1 - XSS
CVSS 6.5
CVE-2025-23890 MEDIUM
Tom Ewer & Tito Pandu Easy Tweet Embed <1.7 - XSS
CVSS 6.5
CVE-2025-23887 MEDIUM
Scott Allan Wallick Blog Summary <0.1.2β - XSS
CVSS 6.5
CVE-2025-23886 MEDIUM
Annie <= 2.1.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23878 MEDIUM
Scott Reilly Post-to-Post Links <4.2 - XSS
CVSS 5.9
CVE-2025-23877 MEDIUM
Nite Shortcodes <= 1.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23876 MEDIUM
WP krpano <= 1.2.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23873 MEDIUM
Anshi Solutions Category D3 Tree - XSS
CVSS 6.5
Details
Vulnerabilities 45,293
Exploit Likelihood High