CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,293 vulnerabilities with CWE-79
CVE-2024-13383 MEDIUM
HD Quiz < 2.0.0 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-13382 MEDIUM
Calculated Fields Form WordPress <5.2.64 - XSS
CVSS 4.8
CVE-2024-13357 MEDIUM
Ditty < 3.1.52 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-13313 MEDIUM
AWeber < 7.3.21 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-13128 MEDIUM
LearnPress < 4.2.7.5.1 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-13127 MEDIUM
LearnPress < 4.2.7.5.1 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-13053 MEDIUM
The Form Maker by 10Web WordPress plugin <1.15.33 - XSS
CVSS 4.8
CVE-2024-12874 MEDIUM
Top Comments WordPress Plugin < 1.0 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-12873 MEDIUM
Custom Field Manager < 1.0 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-12808 MEDIUM
WP ERP < 1.13.4 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-12800 MEDIUM
IP Based Login < 2.4.1 - Authenticated Stored Cross-Site Scripting via Import Function
CVSS 4.8
CVE-2024-12770 MEDIUM
WP ULike < 4.7.6 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-12743 MEDIUM
MailPoet < 5.5.2 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-12739 MEDIUM
Mobile Contact Bar < 3.0.5 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-12734 MEDIUM
Advance Post Prefix < 1.1.1 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-12733 MEDIUM
AffiliateImporterEb < 1.0.6 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-12732 MEDIUM
AffiliateImporterEb < 1.0.6 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-12726 MEDIUM
ClipArt WordPress Plugin <= 0.2 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-12725 MEDIUM
Clasify Classified Listing < 1.0.7 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-12724 MEDIUM
WP DeskLite through 1.0.0 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-12722 MEDIUM
Twitter Bootstrap Collapse aka Accordian Shortcode < 1.0 - Stored Cross-Site Scripting via Shortcode Attributes
CVSS 5.4
CVE-2024-12716 MEDIUM
Simple Basic Contact Form < 20250114 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-12680 MEDIUM
Prisna GWT WordPress Plugin < 1.4.14 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-12679 MEDIUM
Prisna GWT WordPress Plugin < 1.4.14 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-11843 MEDIUM
Panorama < 1.5.1 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
Details
Vulnerabilities 45,293
Exploit Likelihood High