CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,295 vulnerabilities with CWE-79
CVE-2024-13702
MEDIUM
CRM and Lead Management by vcita < 2.7.4 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-12683
LOW
Smart Maintenance Mode < 1.5.2 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 3.5
CVE-2024-11847
MEDIUM
wp-svg-upload < 1.0.0 - Stored Cross-Site Scripting via SVG File Upload
CVSS 4.8
CVE-2024-55029
MEDIUM
NASA Fprime v3.4.3 - Cross-Site Scripting
CVSS 6.1
CVE-2024-53679
MEDIUM
Apache VCL < 2.5.2 - Cross-Site Scripting in User Lookup Form
CVSS 5.4
CVE-2024-13731
MEDIUM
WordPress Alert Box Block <1.1.2 - XSS
CVSS 6.4
CVE-2024-13690
HIGH
WP Church Donation <= 1.7 - Unauthenticated Stored Cross-Site Scripting via Donation Form Parameters
CVSS 7.2
CVE-2024-12623
MEDIUM
WordPress DICOM Support <0.10.6 - XSS
CVSS 6.4
CVE-2024-13863
HIGH
Stylish Google Sheet Reader < 4.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13123
LOW
Advanced Form Integration < 1.100.0 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 3.5
CVE-2024-13122
LOW
Advanced Form Integration < 1.100.0 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 3.5
CVE-2024-12769
LOW
Simple Banner < 3.0.4 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 3.5
CVE-2024-12682
MEDIUM
Smart Maintenance Mode < 1.5.2 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 6.1
CVE-2024-11503
MEDIUM
WP Tabs < 2.2.7 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 6.1
CVE-2024-11273
MEDIUM
Contact Form & SMTP Plugin for WordPress by PirateForms < 2.6.0 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 6.1
CVE-2024-11272
MEDIUM
PirateForms < 2.6.0 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 6.1
CVE-2024-10703
MEDIUM
Registrations for the Events Calendar < 2.13.4 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 6.1
CVE-2024-10679
MEDIUM
Quiz and Survey Master < 9.2.1 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 6.1
CVE-2024-10566
MEDIUM
10web Slider < 1.2.62 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 6.1
CVE-2024-10565
MEDIUM
10web Slider < 1.2.62 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 6.1
CVE-2024-10560
LOW
10Web Form Maker < 1.15.30 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 3.5
CVE-2024-10554
LOW
WP-Advanced-Search < 3.3.9.3 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 3.5
CVE-2024-10472
MEDIUM
Stylish Price List < 7.1.12 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 5.9
CVE-2024-10105
MEDIUM
Job Postings WordPress <2.7.11 - XSS
CVSS 5.9
CVE-2024-10208
MEDIUM
B&R APROL < 4.4-00P5 - Authenticated Stored Cross-Site Scripting in Web Portal
Details
Vulnerabilities
45,295
Exploit Likelihood
High