CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,297 vulnerabilities with CWE-79
CVE-2024-13630
MEDIUM
NewsTicker WordPress Plugin through 1.0 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13629
MEDIUM
pushBIZ < 1.0 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13628
MEDIUM
WP Pricing Table < 1.1 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13624
HIGH
WPMovieLibrary < 2.1.4.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13571
HIGH
Post Timeline WordPress Plugin < 2.3.10 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13113
MEDIUM
Countdown Timer for Elementor < 1.3.7 - Authenticated Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-12878
HIGH
lazy_blocks < 3.8.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-12737
MEDIUM
WP BASE Booking of Appointments, Services and Events < 5.0.0 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-10563
MEDIUM
WooCommerce Cart Count Shortcode < 1.1.0 - Stored Cross-Site Scripting via Shortcode Attributes
CVSS 5.4
CVE-2024-10483
HIGH
Simplepress < 6.10.11 - XSS
CVSS 7.1
CVE-2024-10152
HIGH
Simple Certain Time to Show Content <1.3.1 - XSS
CVSS 7.1
CVE-2024-54444
MEDIUM
Elementor Website Builder <= 3.25.10 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-10545
LOW
NextGEN Gallery < 3.59.9 - Authenticated Stored Cross-Site Scripting in Image Settings
CVSS 3.5
CVE-2024-57026
MEDIUM
TawkTo Widget <= 1.3.7 - Cross-Site Scripting
CVSS 6.1
CVE-2024-13822
MEDIUM
TotalContest < 2.9.0 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13605
MEDIUM
10Web Form Maker < 1.15.33 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-12308
MEDIUM
Logo Slider WordPress Plugin < 4.6.0 - Stored Cross-Site Scripting via Shortcode Attributes
CVSS 5.4
CVE-2024-13728
MEDIUM
Accept Donations with PayPal & Stripe <= 1.4.4 - Unauthenticated Reflected Cross-Site Scripting via rf Parameter
CVSS 6.1
CVE-2024-13564
MEDIUM
Elementor Extensions & Templates < 1.2.5 - Authenticated Stored XSS via Writing Effect Headline
CVSS 6.4
CVE-2024-12467
MEDIUM
Pago por Redsys <= 1.0.12 - Unauthenticated Reflected Cross-Site Scripting via Ds_MerchantParameters Parameter
CVSS 6.1
CVE-2024-12038
MEDIUM
BuddyForms <= 2.8.15 - Authenticated Stored Cross-Site Scripting via buddyforms_nav Shortcode
CVSS 6.4
CVE-2024-10222
MEDIUM
SVG Support < 2.5.10 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-13455
MEDIUM
igumbi Online Booking <= 1.40 - Authenticated Stored Cross-Site Scripting via igumbi_calendar Shortcode
CVSS 6.4
CVE-2024-13648
MEDIUM
Maps for WP <= 1.2.4 - Authenticated Stored Cross-Site Scripting via MapOnePoint Shortcode
CVSS 6.4
CVE-2024-13461
MEDIUM
Autoship Cloud for WooCommerce <= 2.8.0 - Authenticated Stored XSS via Shortcode
CVSS 6.4
Details
Vulnerabilities
45,297
Exploit Likelihood
High