CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,297 vulnerabilities with CWE-79
CVE-2024-13675
MEDIUM
SlingBlocks - Gutenberg Blocks by FunnelKit < 1.5.0 - Authenticated Stored Cross-Site Scripting via Icon List Block
CVSS 6.4
CVE-2024-13649
MEDIUM
Xpro Addons for Elementor < 1.4.6.7 - Authenticated Stored Cross-Site Scripting via Widget Input
CVSS 6.4
CVE-2024-13825
MEDIUM
Email Keep < 1.1 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-12119
MEDIUM
FooGallery < 2.4.30 - Authenticated Stored Cross-Site Scripting via default_gallery_title_size Parameter
CVSS 6.4
CVE-2024-12460
MEDIUM
Years Since - Timeless Texts <1.4.1 - XSS
CVSS 6.4
CVE-2024-9458
MEDIUM
Reservit Hotel WordPress Plugin < 3.0 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-13805
MEDIUM
Advanced File Manager WordPress Plugin <= 5.2.14 - Authenticated Stored XSS via SVG Upload
CVSS 6.4
CVE-2024-13668
HIGH
WordPress Activity O Meter < 1.0 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13431
MEDIUM
Simply Schedule Appointments Booking Plugin <1.6.8.3 - XSS
CVSS 6.1
CVE-2024-12809
MEDIUM
Wishlist <= 1.0.43 - Authenticated Stored Cross-Site Scripting via wishlist_button Shortcode
CVSS 6.4
CVE-2024-13902
LOW
huang-yk student-manage 1.0 - Cross-Site Scripting via Class Parameter
CVSS 2.4
CVE-2024-13868
MEDIUM
URL Shortener | Conversion Tracking | AB Testing | WooCommerce < 9.0.2 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-48246
MEDIUM
Vehicle Management System 1.0 - Stored Cross-Site Scripting via Name Parameter
CVSS 5.4
CVE-2024-5667
MEDIUM
WP Featherlight - A Simple jQuery Lightbox < 1.3.4 - Authenticated Stored Cross-Site Scripting via Featherlight.js
CVSS 6.4
CVE-2024-13839
MEDIUM
Staff Directory Plugin: Company Directory <= 4.3 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-13779
MEDIUM
Hero Mega Menu - Responsive WordPress Menu Plugin <1.16.5 - XSS
CVSS 6.1
CVE-2024-13757
MEDIUM
Master Slider - Responsive Touch Slider <= 3.10.6 - Authenticated Stored Cross-Site Scripting via ms_layer Shortcode
CVSS 6.4
CVE-2024-12815
MEDIUM
Point Maker <= 0.1.6 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11731
MEDIUM
Master Slider - WordPress <3.10.6 - XSS
CVSS 6.4
CVE-2024-13866
MEDIUM
Simple Notification <= 1.3 - Authenticated Stored Cross-Site Scripting
CVSS 6.4
CVE-2024-13827
MEDIUM
Razorpay Subscription Button Elementor Plugin <1.0.4 - XSS
CVSS 6.1
CVE-2024-13350
MEDIUM
SearchIQ - The Search Solution < 4.7 - Authenticated Stored Cross-Site Scripting via siq_searchbox Shortcode
CVSS 6.4
CVE-2024-9618
MEDIUM
Master Addons - Elementor Addons < 2.0.7.3 - Authenticated Stored Cross-Site Scripting via Widget Attributes
CVSS 6.4
CVE-2024-55064
MEDIUM
EasyVirt DC NetScope <= 8.6.4 - Cross-Site Scripting via SMTP or NTP/DNS Parameters
CVSS 5.4
CVE-2024-5888
MEDIUM
ArcGIS Server < 11.3 - Authenticated Stored Cross-Site Scripting
CVSS 4.8
Details
Vulnerabilities
45,297
Exploit Likelihood
High