CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,293 vulnerabilities with CWE-79
CVE-2024-8542 MEDIUM
Everest Forms < 3.0.3.1 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-8493 MEDIUM
The Events Calendar WordPress < 6.6.4 - XSS
CVSS 4.8
CVE-2024-8492 MEDIUM
Hustle < 7.8.5 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-8426 MEDIUM
Page Builder: Pagelayer < 1.8.8 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-8397 MEDIUM
webtoffee/gdpr_cookie_consent < 2.61 - Stored Cross-Site Scripting via IP Header Logging
CVSS 5.4
CVE-2024-8284 MEDIUM
Download Manager < 3.2.99 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-8187 MEDIUM
The Smart Post Show WordPress plugin <3.0.1 - XSS
CVSS 4.8
CVE-2024-8095 MEDIUM
BabelZ <1.1.5 - CSRF
CVSS 6.1
CVE-2024-7769 MEDIUM
ClickSold IDX < 1.90 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-7761 MEDIUM
Simple Job Board < 2.12.2 - Stored Cross-Site Scripting via Editor Role Script Injection
CVSS 6.1
CVE-2024-7759 MEDIUM
PWA for WP < 1.7.72 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-7758 MEDIUM
Stylish Price List < 7.1.8 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-7556 MEDIUM
Simple Share < 0.5.3 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-6798 MEDIUM
DL Verification < 1.2 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-6797 MEDIUM
DL Robots.txt WordPress plugin <1.2 - XSS
CVSS 4.8
CVE-2024-6718 MEDIUM
PVN Auth Popup WordPress <1.0.0 - XSS
CVSS 5.4
CVE-2024-6713 MEDIUM
PVN Auth Popup WordPress <1.0.0 - XSS
CVSS 4.8
CVE-2024-6712 MEDIUM
MapFig Studio WordPress <0.2.1 - XSS
CVSS 6.1
CVE-2024-6711 LOW
Event Tickets with Ticket Scanner <2.3.8 - XSS
CVSS 3.5
CVE-2024-6708 MEDIUM
Profile Builder < 3.12.2 - Authenticated Stored Cross-Site Scripting in Admin Area
CVSS 4.8
CVE-2024-6693 MEDIUM
WordPress wccp-pro <15.3 - XSS
CVSS 4.8
CVE-2024-6668 MEDIUM
ProfilePro < 1.3 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2024-6667 MEDIUM
KBucket < 4.1.5 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-6665 MEDIUM
KBucket < 4.1.6 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-6478 MEDIUM
CTT Expresso para WooCommerce WordPress <3.2.13 - XSS
CVSS 4.8
Details
Vulnerabilities 45,293
Exploit Likelihood High