CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,293 vulnerabilities with CWE-79
CVE-2024-11718 MEDIUM
tarteaucitron-wp < 0.3.0 - Stored Cross-Site Scripting via Post/Page HTML Injection
CVSS 5.4
CVE-2024-11502 MEDIUM
Planning Center Online Giving <1.0.0 - XSS
CVSS 5.4
CVE-2024-11266 MEDIUM
Geocache Stat Bar Widget < 0.911 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-11221 MEDIUM
Full Screen (Page) Background Image Slideshow < 1.1 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-11190 MEDIUM
jidaikobo jwp-a11y < 4.1.7 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-11189 MEDIUM
Social Share And Social Locker < 1.4.2 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-11141 MEDIUM
Sailthru Triggermail < 1.1 - Stored Cross-Site Scripting via Unsanitized Settings
CVSS 6.1
CVE-2024-11140 LOW
Real WP Shop Lite Ajax eCommerce Shopping Cart < 2.0.8 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 3.5
CVE-2024-11109 MEDIUM
WP Google Review Slider < 15.6 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-10818 MEDIUM
JSFiddle Shortcode < 1.1.3 - Stored Cross-Site Scripting via Shortcode Attributes
CVSS 5.4
CVE-2024-10639 MEDIUM
Auto Prune Posts < 3.0.0 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-10632 MEDIUM
Nokaut Offers Box < 1.4.0 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-10631 MEDIUM
Countdown Timer for WordPress Block Editor < 1.0.5 - Stored Cross-Site Scripting via Block Options
CVSS 6.5
CVE-2024-10504 MEDIUM
ARForms < 1.7.1 - Unauthenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2024-10475 MEDIUM
Responsive Contact Form Builder < 1.9.8 - Authenticated Stored XSS via Settings
CVSS 4.8
CVE-2024-10362 MEDIUM
Social Media Share Buttons & Social Sharing Icons < 2.9.1 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-10149 MEDIUM
Social Slider Feed WordPress Plugin < 2.2.9 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-10145 MEDIUM
Hubbub Lite <1.34.4 - XSS
CVSS 4.8
CVE-2024-10144 MEDIUM
Rbs Image Gallery WordPress <3.2.22 - XSS
CVSS 4.8
CVE-2024-10143 MEDIUM
MB Custom Post Types & Custom Taxonomies <2.7.7 - XSS
CVSS 4.8
CVE-2024-10107 MEDIUM
RafflePress < 1.12.17 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-10076 MEDIUM
Jetpack <13.8 - Jetpack Boost <3.4.8 - XSS
CVSS 5.9
CVE-2024-10054 MEDIUM
Happyforms < 1.26.3 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-0852 HIGH
coreActivity: Activity Logging for WordPress < 1.8.1 - Unauthenticated Stored Cross-Site Scripting in Admin Dashboard
CVSS 8.8
CVE-2024-0249 HIGH
Advanced Schedule Posts < 2.1.8 - Reflected Cross-Site Scripting
CVSS 7.1
Details
Vulnerabilities 45,293
Exploit Likelihood High