CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,293 vulnerabilities with CWE-79
CVE-2025-22797
MEDIUM
Gallery and Lightbox <=1.0.14 - XSS
CVSS 6.5
CVE-2025-22795
HIGH
Thorsten Krug Multilang Contact Form <1.5 - XSS
CVSS 7.1
CVE-2025-22793
HIGH
Bold pagos en linea <= 3.1.4 - DOM-Based Cross-Site Scripting
CVSS 7.1
CVE-2025-22788
MEDIUM
CoDesigner WooCommerce Builder for Elementor <4.7.17.2 - XSS
CVSS 5.9
CVE-2025-22781
MEDIUM
Nativery < 0.1.6 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-22780
MEDIUM
wp-pano <= 1.17 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22778
HIGH
Lijit Search <= 1.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22776
HIGH
WP Bulletin Board <= 1.1.4 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22769
MEDIUM
Creative Brahma Multifox <= 1.3.7 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22766
HIGH
Zarinpal Paid Download <= 2.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22765
HIGH
WP Order By <= 1.4.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22764
HIGH
wpwebs Team - VA Jariwala WP Post Corrector <1.0.2 - XSS
CVSS 7.1
CVE-2025-22762
MEDIUM
Octrace Studio WordPress HelpDesk & Support Ticket System Plugin - XSS
CVSS 5.9
CVE-2025-22761
MEDIUM
Olaf Lederer Ajax Contact Form <1.2.5.1 - XSS
CVSS 6.5
CVE-2025-22760
HIGH
CodeBard Help Desk <= 1.1.2 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22759
MEDIUM
BoldGrid Post and Page Builder by BoldGrid <= 1.27.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22758
MEDIUM
Elementor AI Addons <= 2.2.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-22755
HIGH
WP Headmaster <= 0.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22754
HIGH
Berkman Center for Internet & Society Amber <1.4.4 - XSS
CVSS 7.1
CVE-2025-22753
HIGH
turboSMTP <= 4.6 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22752
HIGH
GSheetConnector for Forminator Forms <= 1.0.12 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-22751
HIGH
Mighty Digital Partners <0.2.0 - XSS
CVSS 7.1
CVE-2025-22750
HIGH
Tarak Patel Post Carousel & Slider <1.0.4 - XSS
CVSS 7.1
CVE-2025-22749
MEDIUM
AwoThemes Social Media Engine <1.0.2 - XSS
CVSS 6.5
CVE-2025-22748
MEDIUM
SetMore Theme - Custom Post Types <1.1 - XSS
CVSS 6.5
Details
Vulnerabilities
45,293
Exploit Likelihood
High