CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,293 vulnerabilities with CWE-79
CVE-2024-6462
MEDIUM
Yandex Metrika WordPress <1.2 - XSS
CVSS 4.8
CVE-2024-6335
MEDIUM
Tracking Code Manager < 2.3.0 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-5440
MEDIUM
If-So Dynamic Content Personalization < 1.8.0.3 - Stored Cross-Site Scripting via Shortcode Attributes
CVSS 5.4
CVE-2024-5026
MEDIUM
CM Tooltip Glossary < 4.3.4 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-4091
LOW
Responsive Gallery Grid <2.3.15 - XSS
CVSS 3.5
CVE-2024-4004
LOW
Advanced Cron Manager < 2.5.7 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 3.5
CVE-2024-4002
LOW
Carousel, Slider, Gallery by WP Carousel < 2.6.9 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 3.5
CVE-2024-3996
LOW
The Smart Post Show WordPress plugin <2.4.28 - XSS
CVSS 3.5
CVE-2024-3901
MEDIUM
Genesis Blocks < 3.1.4 - Stored Cross-Site Scripting via Custom Block Attributes
CVSS 6.8
CVE-2024-3062
MEDIUM
Save as Image Plugin by Pdfcrowd < 3.2.2 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-2869
MEDIUM
Easy Property Listings < 3.5.4 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-2643
MEDIUM
my_sticky_bar < 2.6.8 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-1663
MEDIUM
Ultimate Noindex Nofollow Tool II < 1.3.6 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-13865
MEDIUM
S3Player < 4.2.1 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13828
MEDIUM
Badgearoo < 1.0.14 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13823
MEDIUM
360 Product Rotation < 1.5.8 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13730
MEDIUM
Podlove Podcast Publisher < 4.2.1 - Stored Cross-Site Scripting via Unsanitized Settings
CVSS 4.8
CVE-2024-13729
MEDIUM
Podlove Podcast Publisher < 4.1.24 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-13727
MEDIUM
MemberSpace < 2.1.14 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13621
MEDIUM
GDPR Framework By Data443 WordPress Plugin < 2.2.0 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-13619
MEDIUM
LifterLMS < 8.0.1 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13616
MEDIUM
VikBooking Hotel Booking Engine & PMS < 1.7.2 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-13486
MEDIUM
Icegram Engage < 3.1.32 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-13482
MEDIUM
Icegram Engage < 3.1.32 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-13384
MEDIUM
Rbs Image Gallery WordPress <3.2.24 - XSS
CVSS 4.8
Details
Vulnerabilities
45,293
Exploit Likelihood
High