CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,293 vulnerabilities with CWE-79
CVE-2024-8542
MEDIUM
Everest Forms < 3.0.3.1 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-8493
MEDIUM
The Events Calendar WordPress < 6.6.4 - XSS
CVSS 4.8
CVE-2024-8492
MEDIUM
Hustle < 7.8.5 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-8426
MEDIUM
Page Builder: Pagelayer < 1.8.8 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-8397
MEDIUM
webtoffee/gdpr_cookie_consent < 2.61 - Stored Cross-Site Scripting via IP Header Logging
CVSS 5.4
CVE-2024-8284
MEDIUM
Download Manager < 3.2.99 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-8187
MEDIUM
The Smart Post Show WordPress plugin <3.0.1 - XSS
CVSS 4.8
CVE-2024-8095
MEDIUM
BabelZ <1.1.5 - CSRF
CVSS 6.1
CVE-2024-7769
MEDIUM
ClickSold IDX < 1.90 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-7761
MEDIUM
Simple Job Board < 2.12.2 - Stored Cross-Site Scripting via Editor Role Script Injection
CVSS 6.1
CVE-2024-7759
MEDIUM
PWA for WP < 1.7.72 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-7758
MEDIUM
Stylish Price List < 7.1.8 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-7556
MEDIUM
Simple Share < 0.5.3 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-6798
MEDIUM
DL Verification < 1.2 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-6797
MEDIUM
DL Robots.txt WordPress plugin <1.2 - XSS
CVSS 4.8
CVE-2024-6718
MEDIUM
PVN Auth Popup WordPress <1.0.0 - XSS
CVSS 5.4
CVE-2024-6713
MEDIUM
PVN Auth Popup WordPress <1.0.0 - XSS
CVSS 4.8
CVE-2024-6712
MEDIUM
MapFig Studio WordPress <0.2.1 - XSS
CVSS 6.1
CVE-2024-6711
LOW
Event Tickets with Ticket Scanner <2.3.8 - XSS
CVSS 3.5
CVE-2024-6708
MEDIUM
Profile Builder < 3.12.2 - Authenticated Stored Cross-Site Scripting in Admin Area
CVSS 4.8
CVE-2024-6693
MEDIUM
WordPress wccp-pro <15.3 - XSS
CVSS 4.8
CVE-2024-6668
MEDIUM
ProfilePro < 1.3 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2024-6667
MEDIUM
KBucket < 4.1.5 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-6665
MEDIUM
KBucket < 4.1.6 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-6478
MEDIUM
CTT Expresso para WooCommerce WordPress <3.2.13 - XSS
CVSS 4.8
Details
Vulnerabilities
45,293
Exploit Likelihood
High