CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,293 vulnerabilities with CWE-79
CVE-2024-11718
MEDIUM
tarteaucitron-wp < 0.3.0 - Stored Cross-Site Scripting via Post/Page HTML Injection
CVSS 5.4
CVE-2024-11502
MEDIUM
Planning Center Online Giving <1.0.0 - XSS
CVSS 5.4
CVE-2024-11266
MEDIUM
Geocache Stat Bar Widget < 0.911 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-11221
MEDIUM
Full Screen (Page) Background Image Slideshow < 1.1 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-11190
MEDIUM
jidaikobo jwp-a11y < 4.1.7 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-11189
MEDIUM
Social Share And Social Locker < 1.4.2 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-11141
MEDIUM
Sailthru Triggermail < 1.1 - Stored Cross-Site Scripting via Unsanitized Settings
CVSS 6.1
CVE-2024-11140
LOW
Real WP Shop Lite Ajax eCommerce Shopping Cart < 2.0.8 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 3.5
CVE-2024-11109
MEDIUM
WP Google Review Slider < 15.6 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-10818
MEDIUM
JSFiddle Shortcode < 1.1.3 - Stored Cross-Site Scripting via Shortcode Attributes
CVSS 5.4
CVE-2024-10639
MEDIUM
Auto Prune Posts < 3.0.0 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-10632
MEDIUM
Nokaut Offers Box < 1.4.0 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-10631
MEDIUM
Countdown Timer for WordPress Block Editor < 1.0.5 - Stored Cross-Site Scripting via Block Options
CVSS 6.5
CVE-2024-10504
MEDIUM
ARForms < 1.7.1 - Unauthenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2024-10475
MEDIUM
Responsive Contact Form Builder < 1.9.8 - Authenticated Stored XSS via Settings
CVSS 4.8
CVE-2024-10362
MEDIUM
Social Media Share Buttons & Social Sharing Icons < 2.9.1 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-10149
MEDIUM
Social Slider Feed WordPress Plugin < 2.2.9 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-10145
MEDIUM
Hubbub Lite <1.34.4 - XSS
CVSS 4.8
CVE-2024-10144
MEDIUM
Rbs Image Gallery WordPress <3.2.22 - XSS
CVSS 4.8
CVE-2024-10143
MEDIUM
MB Custom Post Types & Custom Taxonomies <2.7.7 - XSS
CVSS 4.8
CVE-2024-10107
MEDIUM
RafflePress < 1.12.17 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-10076
MEDIUM
Jetpack <13.8 - Jetpack Boost <3.4.8 - XSS
CVSS 5.9
CVE-2024-10054
MEDIUM
Happyforms < 1.26.3 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-0852
HIGH
coreActivity: Activity Logging for WordPress < 1.8.1 - Unauthenticated Stored Cross-Site Scripting in Admin Dashboard
CVSS 8.8
CVE-2024-0249
HIGH
Advanced Schedule Posts < 2.1.8 - Reflected Cross-Site Scripting
CVSS 7.1
Details
Vulnerabilities
45,293
Exploit Likelihood
High