CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,293 vulnerabilities with CWE-79
CVE-2024-13383
MEDIUM
HD Quiz < 2.0.0 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-13382
MEDIUM
Calculated Fields Form WordPress <5.2.64 - XSS
CVSS 4.8
CVE-2024-13357
MEDIUM
Ditty < 3.1.52 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-13313
MEDIUM
AWeber < 7.3.21 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-13128
MEDIUM
LearnPress < 4.2.7.5.1 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-13127
MEDIUM
LearnPress < 4.2.7.5.1 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-13053
MEDIUM
The Form Maker by 10Web WordPress plugin <1.15.33 - XSS
CVSS 4.8
CVE-2024-12874
MEDIUM
Top Comments WordPress Plugin < 1.0 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-12873
MEDIUM
Custom Field Manager < 1.0 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-12808
MEDIUM
WP ERP < 1.13.4 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-12800
MEDIUM
IP Based Login < 2.4.1 - Authenticated Stored Cross-Site Scripting via Import Function
CVSS 4.8
CVE-2024-12770
MEDIUM
WP ULike < 4.7.6 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-12743
MEDIUM
MailPoet < 5.5.2 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-12739
MEDIUM
Mobile Contact Bar < 3.0.5 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-12734
MEDIUM
Advance Post Prefix < 1.1.1 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-12733
MEDIUM
AffiliateImporterEb < 1.0.6 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-12732
MEDIUM
AffiliateImporterEb < 1.0.6 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-12726
MEDIUM
ClipArt WordPress Plugin <= 0.2 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-12725
MEDIUM
Clasify Classified Listing < 1.0.7 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-12724
MEDIUM
WP DeskLite through 1.0.0 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-12722
MEDIUM
Twitter Bootstrap Collapse aka Accordian Shortcode < 1.0 - Stored Cross-Site Scripting via Shortcode Attributes
CVSS 5.4
CVE-2024-12716
MEDIUM
Simple Basic Contact Form < 20250114 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-12680
MEDIUM
Prisna GWT WordPress Plugin < 1.4.14 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-12679
MEDIUM
Prisna GWT WordPress Plugin < 1.4.14 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-11843
MEDIUM
Panorama < 1.5.1 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
Details
Vulnerabilities
45,293
Exploit Likelihood
High