CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,293 vulnerabilities with CWE-79
CVE-2025-22585
MEDIUM
themebon Ultimate Image Hover Effects <1.1.2 - XSS
CVSS 6.5
CVE-2025-22584
MEDIUM
Timeline Pro <= 1.3 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-22581
MEDIUM
Bytephp Arcade Ready <= 1.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22580
MEDIUM
Biltorvet Dealer Tools <1.0.22 - XSS
CVSS 6.5
CVE-2025-22579
MEDIUM
Arefly WP Header Notification <1.2.7 - XSS
CVSS 5.9
CVE-2025-22578
MEDIUM
WP Cookie <= 1.0.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-22577
MEDIUM
Able Player <= 1.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-22574
MEDIUM
ICS Button <= 0.6 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22573
MEDIUM
Icons Enricher <= 1.0.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22572
MEDIUM
brianmiyaji Legacy ePlayer <0.9.9 - XSS
CVSS 6.5
CVE-2025-22558
MEDIUM
Marcus C. J. Hartmann mcjh button shortcode <1.6.4 - XSS
CVSS 6.5
CVE-2025-22554
MEDIUM
Eric Franklin Video Embed Optimizer - XSS
CVSS 6.5
CVE-2025-22551
MEDIUM
Boot-Modal <= 1.9.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22550
MEDIUM
AddFunc Mobile Detect <= 3.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22549
MEDIUM
Pablo Cornehl WP Github <1.3.3 - XSS
CVSS 6.5
CVE-2025-22548
HIGH
Frank Koenen ldap_login_password_and_role_manager <1.0.12 - XSS
CVSS 7.1
CVE-2025-22547
HIGH
JK Html To Pdf <= 1.0.0 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-22546
MEDIUM
One Plus Solution jQuery TwentyTwenty - XSS
CVSS 6.5
CVE-2025-22545
MEDIUM
iframe to embed <= 1.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22544
MEDIUM
Mind Doodle Visual Sitemaps & Tasks <1.6 - XSS
CVSS 6.5
CVE-2025-22532
MEDIUM
Nagy Sandor Simple Photo Sphere <0.0.10 - XSS
CVSS 6.5
CVE-2025-22531
MEDIUM
Urdu Formatter - Shamil <= 0.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22530
MEDIUM
SIOT Payment Button Plugin <1.1.19 - XSS
CVSS 6.5
CVE-2025-22529
MEDIUM
WORDPRESTEEM WE Blocks <1.3.5 - XSS
CVSS 6.5
CVE-2025-22528
MEDIUM
Huurkalender WP <= 1.5.6 - Stored Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities
45,293
Exploit Likelihood
High