CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,293 vulnerabilities with CWE-79
CVE-2025-22827 MEDIUM
WP Joomag <= 2.5.2 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-22826 MEDIUM
Sell Digital Downloads <= 2.2.7 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22824 MEDIUM
Lucia Intelisano Live Flight Radar <1.0 - XSS
CVSS 6.5
CVE-2025-22823 MEDIUM
Justin Twerdy Genesis Style Shortcodes <1.0 - XSS
CVSS 6.5
CVE-2025-22822 MEDIUM
Bishawjit Das wp custom countdown - XSS
CVSS 6.5
CVE-2025-22821 MEDIUM
StorePress <= 1.0.12 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-22820 MEDIUM
VR Views <= 1.5.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22819 MEDIUM
4wpbari Qr Code and Barcode Scanner Reader <1.0.0 - XSS
CVSS 6.5
CVE-2025-22818 MEDIUM
S3Bubble S3Player - WooCommerce & Elementor Integration <4.2.1 - XSS
CVSS 6.5
CVE-2025-22817 MEDIUM
Venutius BP Profile Shortcodes Extra <2.6.0 - XSS
CVSS 6.5
CVE-2025-22815 MEDIUM
bPlugins Button Block <= 1.1.9 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22813 MEDIUM
Conversational Forms for ChatBot <= 1.4.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22812 MEDIUM
FlickDevs News Ticker Widget <1.3.2 - XSS
CVSS 6.5
CVE-2025-22811 MEDIUM
Modeltheme MT Addons for Elementor <1.0.7 - XSS
CVSS 6.5
CVE-2025-22810 MEDIUM
CBB Team Content Blocks Builder <2.7.6 - XSS
CVSS 6.5
CVE-2025-22809 MEDIUM
Gravity Master PDF Catalog Woocommerce <2.0 - XSS
CVSS 6.5
CVE-2025-22808 MEDIUM
Surbma | Premium WP <= 9.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-22807 MEDIUM
Robert Peake Responsive Flickr Slideshow <2.6.0 - XSS
CVSS 6.5
CVE-2025-22806 MEDIUM
Black Widgets For Elementor <= 1.3.8 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-22805 MEDIUM
ThemePoints Skill Bar <= 1.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22804 MEDIUM
Author Avatars List/Block <2.1.23 - XSS
CVSS 6.5
CVE-2025-22803 MEDIUM
VillaTheme Advanced Product Information for WooCommerce <1.1.4 - XSS
CVSS 6.5
CVE-2025-22802 MEDIUM
Email Templates Customizer <2.1.4 - XSS
CVSS 6.5
CVE-2025-22801 MEDIUM
HasThemes Free WooCommerce Theme 99fy Ext <1.2.8 - XSS
CVSS 6.5
CVE-2025-22595 HIGH
Yamna Khawaja Mailing Group Listserv <2.0.9 - XSS
CVSS 7.1
Details
Vulnerabilities 45,293
Exploit Likelihood High