CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,297 vulnerabilities with CWE-79
CVE-2024-13630 MEDIUM
NewsTicker WordPress Plugin through 1.0 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13629 MEDIUM
pushBIZ < 1.0 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13628 MEDIUM
WP Pricing Table < 1.1 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13624 HIGH
WPMovieLibrary < 2.1.4.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13571 HIGH
Post Timeline WordPress Plugin < 2.3.10 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13113 MEDIUM
Countdown Timer for Elementor < 1.3.7 - Authenticated Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-12878 HIGH
lazy_blocks < 3.8.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-12737 MEDIUM
WP BASE Booking of Appointments, Services and Events < 5.0.0 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-10563 MEDIUM
WooCommerce Cart Count Shortcode < 1.1.0 - Stored Cross-Site Scripting via Shortcode Attributes
CVSS 5.4
CVE-2024-10483 HIGH
Simplepress < 6.10.11 - XSS
CVSS 7.1
CVE-2024-10152 HIGH
Simple Certain Time to Show Content <1.3.1 - XSS
CVSS 7.1
CVE-2024-54444 MEDIUM
Elementor Website Builder <= 3.25.10 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-10545 LOW
NextGEN Gallery < 3.59.9 - Authenticated Stored Cross-Site Scripting in Image Settings
CVSS 3.5
CVE-2024-57026 MEDIUM
TawkTo Widget <= 1.3.7 - Cross-Site Scripting
CVSS 6.1
CVE-2024-13822 MEDIUM
TotalContest < 2.9.0 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13605 MEDIUM
10Web Form Maker < 1.15.33 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-12308 MEDIUM
Logo Slider WordPress Plugin < 4.6.0 - Stored Cross-Site Scripting via Shortcode Attributes
CVSS 5.4
CVE-2024-13728 MEDIUM
Accept Donations with PayPal & Stripe <= 1.4.4 - Unauthenticated Reflected Cross-Site Scripting via rf Parameter
CVSS 6.1
CVE-2024-13564 MEDIUM
Elementor Extensions & Templates < 1.2.5 - Authenticated Stored XSS via Writing Effect Headline
CVSS 6.4
CVE-2024-12467 MEDIUM
Pago por Redsys <= 1.0.12 - Unauthenticated Reflected Cross-Site Scripting via Ds_MerchantParameters Parameter
CVSS 6.1
CVE-2024-12038 MEDIUM
BuddyForms <= 2.8.15 - Authenticated Stored Cross-Site Scripting via buddyforms_nav Shortcode
CVSS 6.4
CVE-2024-10222 MEDIUM
SVG Support < 2.5.10 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-13455 MEDIUM
igumbi Online Booking <= 1.40 - Authenticated Stored Cross-Site Scripting via igumbi_calendar Shortcode
CVSS 6.4
CVE-2024-13648 MEDIUM
Maps for WP <= 1.2.4 - Authenticated Stored Cross-Site Scripting via MapOnePoint Shortcode
CVSS 6.4
CVE-2024-13461 MEDIUM
Autoship Cloud for WooCommerce <= 2.8.0 - Authenticated Stored XSS via Shortcode
CVSS 6.4
Details
Vulnerabilities 45,297
Exploit Likelihood High