CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,297 vulnerabilities with CWE-79
CVE-2024-13660
MEDIUM
Responsive Flickr Slideshow 2.6.1 - XSS
CVSS 6.4
CVE-2024-13657
MEDIUM
Store Locator Widget <20200131 - XSS
CVSS 6.4
CVE-2024-13591
MEDIUM
Team Builder For WPBakery Page Builder <= 1.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-13589
MEDIUM
YouTube Playlists with Schema <2.6.1 - XSS
CVSS 6.4
CVE-2024-13462
MEDIUM
WP Wiki Tooltip <= 2.0.2 - Authenticated Stored Cross-Site Scripting via Wiki Shortcode
CVSS 6.4
CVE-2024-13390
MEDIUM
ADFO - Custom data in admin dashboard <= 1.9.1 - Authenticated Stored Cross-Site Scripting via 'adfo_list' Shortcode
CVSS 6.4
CVE-2024-12522
MEDIUM
Yay! Forms | Embed Custom Forms, Surveys, and Quizzes Easily <1.2.1...
CVSS 6.4
CVE-2024-12339
MEDIUM
Digihood HTML Sitemap <= 3.1.1 - Unauthenticated Reflected Cross-Site Scripting via Channel Parameter
CVSS 6.1
CVE-2024-12069
MEDIUM
Lexicata < 1.0.16 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-11778
MEDIUM
CanadaHelps Embedded Donation Form <1.0.0 - XSS
CVSS 6.4
CVE-2024-11753
MEDIUM
UMich OIDC Login <= 1.2.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11335
MEDIUM
UltraEmbed WordPress Plugin <=1.0.3 - Authenticated Stored XSS via Iframe Shortcode
CVSS 6.4
CVE-2024-13799
MEDIUM
User Private Files - WordPress <2.1.3 - XSS
CVSS 6.4
CVE-2024-12173
LOW
Master Slider < 3.10.5 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 3.5
CVE-2024-13443
MEDIUM
Easypromos Plugin <= 1.3.8 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11582
HIGH
Subscribe2 - Form, Email Subscribers & Newsletters <10.43 - XSS
CVSS 7.2
CVE-2024-13508
MEDIUM
Booking Package plugin - WordPress <1.6.72 - XSS
CVSS 6.1
CVE-2024-13743
MEDIUM
Wonder Video Embed <= 2.2 - Authenticated Stored Cross-Site Scripting via wonderplugin_video Shortcode
CVSS 6.4
CVE-2024-56882
MEDIUM
Sage DPW < 2024_12_000 - Stored Cross-Site Scripting via Kurstitel and Kurzinfo Input Fields
CVSS 5.4
CVE-2024-13667
MEDIUM
Uncode < 2.9.1.6 - Authenticated Stored Cross-Site Scripting via mle-description Parameter
CVSS 5.4
CVE-2024-13395
MEDIUM
Threepress <= 1.7.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-13704
HIGH
Super Testimonials <= 4.0.1 - Unauthenticated Stored Cross-Site Scripting via st_user_title Parameter
CVSS 7.2
CVE-2024-13575
MEDIUM
Web Stories Enhancer <= 1.3 - Authenticated Stored XSS via Shortcode
CVSS 6.4
CVE-2024-13465
MEDIUM
aBlocks - WordPress Gutenberg Blocks <1.6.1 - XSS
CVSS 6.4
CVE-2024-11895
MEDIUM
WordPress Online Payments - Stored XSS
CVSS 6.4
Details
Vulnerabilities
45,297
Exploit Likelihood
High