CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,297 vulnerabilities with CWE-79
CVE-2024-13660 MEDIUM
Responsive Flickr Slideshow 2.6.1 - XSS
CVSS 6.4
CVE-2024-13657 MEDIUM
Store Locator Widget <20200131 - XSS
CVSS 6.4
CVE-2024-13591 MEDIUM
Team Builder For WPBakery Page Builder <= 1.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-13589 MEDIUM
YouTube Playlists with Schema <2.6.1 - XSS
CVSS 6.4
CVE-2024-13462 MEDIUM
WP Wiki Tooltip <= 2.0.2 - Authenticated Stored Cross-Site Scripting via Wiki Shortcode
CVSS 6.4
CVE-2024-13390 MEDIUM
ADFO - Custom data in admin dashboard <= 1.9.1 - Authenticated Stored Cross-Site Scripting via 'adfo_list' Shortcode
CVSS 6.4
CVE-2024-12522 MEDIUM
Yay! Forms | Embed Custom Forms, Surveys, and Quizzes Easily <1.2.1...
CVSS 6.4
CVE-2024-12339 MEDIUM
Digihood HTML Sitemap <= 3.1.1 - Unauthenticated Reflected Cross-Site Scripting via Channel Parameter
CVSS 6.1
CVE-2024-12069 MEDIUM
Lexicata < 1.0.16 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-11778 MEDIUM
CanadaHelps Embedded Donation Form <1.0.0 - XSS
CVSS 6.4
CVE-2024-11753 MEDIUM
UMich OIDC Login <= 1.2.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11335 MEDIUM
UltraEmbed WordPress Plugin <=1.0.3 - Authenticated Stored XSS via Iframe Shortcode
CVSS 6.4
CVE-2024-13799 MEDIUM
User Private Files - WordPress <2.1.3 - XSS
CVSS 6.4
CVE-2024-12173 LOW
Master Slider < 3.10.5 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 3.5
CVE-2024-13443 MEDIUM
Easypromos Plugin <= 1.3.8 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11582 HIGH
Subscribe2 - Form, Email Subscribers & Newsletters <10.43 - XSS
CVSS 7.2
CVE-2024-13508 MEDIUM
Booking Package plugin - WordPress <1.6.72 - XSS
CVSS 6.1
CVE-2024-13743 MEDIUM
Wonder Video Embed <= 2.2 - Authenticated Stored Cross-Site Scripting via wonderplugin_video Shortcode
CVSS 6.4
CVE-2024-56882 MEDIUM
Sage DPW < 2024_12_000 - Stored Cross-Site Scripting via Kurstitel and Kurzinfo Input Fields
CVSS 5.4
CVE-2024-13667 MEDIUM
Uncode < 2.9.1.6 - Authenticated Stored Cross-Site Scripting via mle-description Parameter
CVSS 5.4
CVE-2024-13395 MEDIUM
Threepress <= 1.7.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-13704 HIGH
Super Testimonials <= 4.0.1 - Unauthenticated Stored Cross-Site Scripting via st_user_title Parameter
CVSS 7.2
CVE-2024-13575 MEDIUM
Web Stories Enhancer <= 1.3 - Authenticated Stored XSS via Shortcode
CVSS 6.4
CVE-2024-13465 MEDIUM
aBlocks - WordPress Gutenberg Blocks <1.6.1 - XSS
CVSS 6.4
CVE-2024-11895 MEDIUM
WordPress Online Payments - Stored XSS
CVSS 6.4
Details
Vulnerabilities 45,297
Exploit Likelihood High