CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,298 vulnerabilities with CWE-79
CVE-2024-11895 MEDIUM
WordPress Online Payments - Stored XSS
CVSS 6.4
CVE-2024-11376 MEDIUM
s2Member < 241114 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg URL Parameter
CVSS 6.1
CVE-2024-13848 MEDIUM
Reaction Buttons < 2.1.6 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 5.5
CVE-2024-13588 MEDIUM
Simplebooklet PDF Viewer and Embedder <= 1.1.2 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-13587 MEDIUM
Zigaform Lite <= 7.4.7 - Authenticated Stored XSS via zgfm_fvar Shortcode
CVSS 6.4
CVE-2024-13582 MEDIUM
Simple Pricing Tables For WPBakery Page Builder <= 1.0 - Stored XSS via Shortcode
CVSS 6.4
CVE-2024-13581 MEDIUM
Simple Charts < 1.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-13579 MEDIUM
WP-Asambleas < 2.85.0 - Authenticated Stored Cross-Site Scripting via polls_popup Shortcode
CVSS 6.4
CVE-2024-13578 MEDIUM
WP-BibTeX <= 3.0.1 - Authenticated Stored Cross-Site Scripting via WpBibTeX Shortcode
CVSS 6.4
CVE-2024-13577 MEDIUM
CATS Job Listings < 2.0.9 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-13576 MEDIUM
Gumlet Video <= 1.0.3 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-13573 MEDIUM
Zigaform - Form Builder Lite <= 7.4.2 - Authenticated Stored Cross-Site Scripting via zgfm_rfvar Shortcode
CVSS 6.4
CVE-2024-13565 MEDIUM
Simple Map No Api < 1.9 - Authenticated Stored Cross-Site Scripting via Width Parameter
CVSS 6.4
CVE-2024-13501 MEDIUM
WP-FormAssembly <= 2.0.11 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-13464 MEDIUM
Library Bookshelves <= 5.10 - Authenticated Stored Cross-Site Scripting via Bookshelf Shortcode
CVSS 6.4
CVE-2024-12813 MEDIUM
Open Hours - Easy Opening Hours <= 1.0.9 - Authenticated Stored Cross-Site Scripting via Shortcode Attribute
CVSS 6.4
CVE-2024-12525 MEDIUM
Easy MLS Listings Import <= 2.0.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-13627 MEDIUM
OWL Carousel Slider < 2.2 - Reflected Cross-Site Scripting
CVSS 4.7
CVE-2024-13626 HIGH
VR-Frases < 3.0.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13625 HIGH
Tube Video Ads Lite < 1.5.7 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13603 MEDIUM
Wise Forms WordPress Plugin < 1.2.0 - Unauthenticated Stored Cross-Site Scripting via Form Submission
CVSS 6.1
CVE-2024-44044 HIGH
Oshine Modules < 3.3.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13563 MEDIUM
Front End Users <= 3.2.30 - Authenticated Stored Cross-Site Scripting via Forgot-Password Shortcode
CVSS 6.4
CVE-2024-13306 MEDIUM
Maps Plugin using Google Maps for WordPress <1.9.4 - XSS
CVSS 4.3
CVE-2024-13208 MEDIUM
Maps Plugin using Google Maps for WordPress <1.9.4 - XSS
CVSS 4.3
Details
Vulnerabilities 45,298
Exploit Likelihood High