CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,293 vulnerabilities with CWE-79
CVE-2025-22585 MEDIUM
themebon Ultimate Image Hover Effects <1.1.2 - XSS
CVSS 6.5
CVE-2025-22584 MEDIUM
Timeline Pro <= 1.3 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-22581 MEDIUM
Bytephp Arcade Ready <= 1.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22580 MEDIUM
Biltorvet Dealer Tools <1.0.22 - XSS
CVSS 6.5
CVE-2025-22579 MEDIUM
Arefly WP Header Notification <1.2.7 - XSS
CVSS 5.9
CVE-2025-22578 MEDIUM
WP Cookie <= 1.0.0 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-22577 MEDIUM
Able Player <= 1.0 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-22574 MEDIUM
ICS Button <= 0.6 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22573 MEDIUM
Icons Enricher <= 1.0.8 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22572 MEDIUM
brianmiyaji Legacy ePlayer <0.9.9 - XSS
CVSS 6.5
CVE-2025-22558 MEDIUM
Marcus C. J. Hartmann mcjh button shortcode <1.6.4 - XSS
CVSS 6.5
CVE-2025-22554 MEDIUM
Eric Franklin Video Embed Optimizer - XSS
CVSS 6.5
CVE-2025-22551 MEDIUM
Boot-Modal <= 1.9.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22550 MEDIUM
AddFunc Mobile Detect <= 3.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22549 MEDIUM
Pablo Cornehl WP Github <1.3.3 - XSS
CVSS 6.5
CVE-2025-22548 HIGH
Frank Koenen ldap_login_password_and_role_manager <1.0.12 - XSS
CVSS 7.1
CVE-2025-22547 HIGH
JK Html To Pdf <= 1.0.0 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-22546 MEDIUM
One Plus Solution jQuery TwentyTwenty - XSS
CVSS 6.5
CVE-2025-22545 MEDIUM
iframe to embed <= 1.2 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22544 MEDIUM
Mind Doodle Visual Sitemaps & Tasks <1.6 - XSS
CVSS 6.5
CVE-2025-22532 MEDIUM
Nagy Sandor Simple Photo Sphere <0.0.10 - XSS
CVSS 6.5
CVE-2025-22531 MEDIUM
Urdu Formatter - Shamil <= 0.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-22530 MEDIUM
SIOT Payment Button Plugin <1.1.19 - XSS
CVSS 6.5
CVE-2025-22529 MEDIUM
WORDPRESTEEM WE Blocks <1.3.5 - XSS
CVSS 6.5
CVE-2025-22528 MEDIUM
Huurkalender WP <= 1.5.6 - Stored Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities 45,293
Exploit Likelihood High