CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,293 vulnerabilities with CWE-79
CVE-2024-6462 MEDIUM
Yandex Metrika WordPress <1.2 - XSS
CVSS 4.8
CVE-2024-6335 MEDIUM
Tracking Code Manager < 2.3.0 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-5440 MEDIUM
If-So Dynamic Content Personalization < 1.8.0.3 - Stored Cross-Site Scripting via Shortcode Attributes
CVSS 5.4
CVE-2024-5026 MEDIUM
CM Tooltip Glossary < 4.3.4 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-4091 LOW
Responsive Gallery Grid <2.3.15 - XSS
CVSS 3.5
CVE-2024-4004 LOW
Advanced Cron Manager < 2.5.7 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 3.5
CVE-2024-4002 LOW
Carousel, Slider, Gallery by WP Carousel < 2.6.9 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 3.5
CVE-2024-3996 LOW
The Smart Post Show WordPress plugin <2.4.28 - XSS
CVSS 3.5
CVE-2024-3901 MEDIUM
Genesis Blocks < 3.1.4 - Stored Cross-Site Scripting via Custom Block Attributes
CVSS 6.8
CVE-2024-3062 MEDIUM
Save as Image Plugin by Pdfcrowd < 3.2.2 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-2869 MEDIUM
Easy Property Listings < 3.5.4 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-2643 MEDIUM
my_sticky_bar < 2.6.8 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-1663 MEDIUM
Ultimate Noindex Nofollow Tool II < 1.3.6 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-13865 MEDIUM
S3Player < 4.2.1 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13828 MEDIUM
Badgearoo < 1.0.14 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13823 MEDIUM
360 Product Rotation < 1.5.8 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13730 MEDIUM
Podlove Podcast Publisher < 4.2.1 - Stored Cross-Site Scripting via Unsanitized Settings
CVSS 4.8
CVE-2024-13729 MEDIUM
Podlove Podcast Publisher < 4.1.24 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-13727 MEDIUM
MemberSpace < 2.1.14 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13621 MEDIUM
GDPR Framework By Data443 WordPress Plugin < 2.2.0 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-13619 MEDIUM
LifterLMS < 8.0.1 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13616 MEDIUM
VikBooking Hotel Booking Engine & PMS < 1.7.2 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-13486 MEDIUM
Icegram Engage < 3.1.32 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-13482 MEDIUM
Icegram Engage < 3.1.32 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-13384 MEDIUM
Rbs Image Gallery WordPress <3.2.24 - XSS
CVSS 4.8
Details
Vulnerabilities 45,293
Exploit Likelihood High