CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,293 vulnerabilities with CWE-79
CVE-2025-23775 MEDIUM
WWP GMAPS for WPBakery Page Builder Free - XSS
CVSS 6.5
CVE-2025-23772 MEDIUM
imaGenius <= 1.7 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23760 HIGH
Chatter < 1.0.1 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-23783 MEDIUM
Greek Namedays Widget From Eortologio.Net <20191113 - XSS
CVSS 6.5
CVE-2025-23767 MEDIUM
Revolutionart Marmoset Viewer <1.9.3 - XSS
CVSS 6.5
CVE-2025-23699 HIGH
TechMix Event Countdown Timer Plugin <1.4 - XSS
CVSS 7.1
CVE-2025-23689 HIGH
Poco Blogger Image Import <n/a - XSS
CVSS 7.1
CVE-2025-23644 MEDIUM
QuoteMedia Tools <= 1.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-23642 MEDIUM
Sidebar-Content from Shortcode <= 2.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-23641 MEDIUM
Powie's pLinks PagePeeker <1.0.2 - XSS
CVSS 6.5
CVE-2025-23623 HIGH
Mahesh Bisen Contact Form 7 - CCAvenue Addon <1.0 - XSS
CVSS 7.1
CVE-2025-23620 HIGH
Captchelfie - Captcha by Selfie <1.0.8 - XSS
CVSS 7.1
CVE-2025-23547 HIGH
Peter Shaw LH Login Page <2.14 - XSS
CVSS 7.1
CVE-2025-23453 HIGH
Myriad Solutionz Stars SMTP Mailer <1.7 - XSS
CVSS 7.1
CVE-2025-23452 HIGH
EditionGuard for WooCommerce - eBook Sales with DRM <= 3.4.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23444 MEDIUM
Scroll Top Advanced <= 2.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-23438 HIGH
MarvinLabs WP PT-Viewer <2.0.2 - XSS
CVSS 7.1
CVE-2025-23434 MEDIUM
Albertolabs.com Easy EU Cookie law <1.3.3.1 - XSS
CVSS 6.5
CVE-2025-23432 HIGH
AlT Report <= 1.12.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-23429 HIGH
Altima Lookbook Free for WooCommerce <1.1.0 - XSS
CVSS 7.1
CVE-2025-0170 MEDIUM
DWT Directory & Listing WordPress Theme <3.3.3 - XSS
CVSS 6.1
CVE-2025-0215 MEDIUM
UpdraftPlus: WP Backup & Migration Plugin <1.24.12 - XSS
CVSS 6.1
CVE-2025-0485 LOW
native-php-cms 1.0 - Cross-Site Scripting via info Parameter in sysconfig_doedit.php
CVSS 3.5
CVE-2025-0483 LOW
native-php-cms 1.0 - Cross-Site Scripting via /fladmin/jump.php Message/Error Parameter
CVSS 3.5
CVE-2025-22798 MEDIUM
CHR Designer Responsive jQuery Slider - XSS
CVSS 6.5
Details
Vulnerabilities 45,293
Exploit Likelihood High