CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,293 vulnerabilities with CWE-79
CVE-2025-22797 MEDIUM
Gallery and Lightbox <=1.0.14 - XSS
CVSS 6.5
CVE-2025-22795 HIGH
Thorsten Krug Multilang Contact Form <1.5 - XSS
CVSS 7.1
CVE-2025-22793 HIGH
Bold pagos en linea <= 3.1.4 - DOM-Based Cross-Site Scripting
CVSS 7.1
CVE-2025-22788 MEDIUM
CoDesigner WooCommerce Builder for Elementor <4.7.17.2 - XSS
CVSS 5.9
CVE-2025-22781 MEDIUM
Nativery < 0.1.6 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-22780 MEDIUM
wp-pano <= 1.17 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22778 HIGH
Lijit Search <= 1.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22776 HIGH
WP Bulletin Board <= 1.1.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22769 MEDIUM
Creative Brahma Multifox <= 1.3.7 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22766 HIGH
Zarinpal Paid Download <= 2.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22765 HIGH
WP Order By <= 1.4.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22764 HIGH
wpwebs Team - VA Jariwala WP Post Corrector <1.0.2 - XSS
CVSS 7.1
CVE-2025-22762 MEDIUM
Octrace Studio WordPress HelpDesk & Support Ticket System Plugin - XSS
CVSS 5.9
CVE-2025-22761 MEDIUM
Olaf Lederer Ajax Contact Form <1.2.5.1 - XSS
CVSS 6.5
CVE-2025-22760 HIGH
CodeBard Help Desk <= 1.1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22759 MEDIUM
BoldGrid Post and Page Builder by BoldGrid <= 1.27.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22758 MEDIUM
Elementor AI Addons <= 2.2.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-22755 HIGH
WP Headmaster <= 0.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22754 HIGH
Berkman Center for Internet & Society Amber <1.4.4 - XSS
CVSS 7.1
CVE-2025-22753 HIGH
turboSMTP <= 4.6 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22752 HIGH
GSheetConnector for Forminator Forms <= 1.0.12 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22751 HIGH
Mighty Digital Partners <0.2.0 - XSS
CVSS 7.1
CVE-2025-22750 HIGH
Tarak Patel Post Carousel & Slider <1.0.4 - XSS
CVSS 7.1
CVE-2025-22749 MEDIUM
AwoThemes Social Media Engine <1.0.2 - XSS
CVSS 6.5
CVE-2025-22748 MEDIUM
SetMore Theme - Custom Post Types <1.1 - XSS
CVSS 6.5
Details
Vulnerabilities 45,293
Exploit Likelihood High