CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,298 vulnerabilities with CWE-79
CVE-2024-11895
MEDIUM
WordPress Online Payments - Stored XSS
CVSS 6.4
CVE-2024-11376
MEDIUM
s2Member < 241114 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg URL Parameter
CVSS 6.1
CVE-2024-13848
MEDIUM
Reaction Buttons < 2.1.6 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 5.5
CVE-2024-13588
MEDIUM
Simplebooklet PDF Viewer and Embedder <= 1.1.2 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-13587
MEDIUM
Zigaform Lite <= 7.4.7 - Authenticated Stored XSS via zgfm_fvar Shortcode
CVSS 6.4
CVE-2024-13582
MEDIUM
Simple Pricing Tables For WPBakery Page Builder <= 1.0 - Stored XSS via Shortcode
CVSS 6.4
CVE-2024-13581
MEDIUM
Simple Charts < 1.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-13579
MEDIUM
WP-Asambleas < 2.85.0 - Authenticated Stored Cross-Site Scripting via polls_popup Shortcode
CVSS 6.4
CVE-2024-13578
MEDIUM
WP-BibTeX <= 3.0.1 - Authenticated Stored Cross-Site Scripting via WpBibTeX Shortcode
CVSS 6.4
CVE-2024-13577
MEDIUM
CATS Job Listings < 2.0.9 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-13576
MEDIUM
Gumlet Video <= 1.0.3 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-13573
MEDIUM
Zigaform - Form Builder Lite <= 7.4.2 - Authenticated Stored Cross-Site Scripting via zgfm_rfvar Shortcode
CVSS 6.4
CVE-2024-13565
MEDIUM
Simple Map No Api < 1.9 - Authenticated Stored Cross-Site Scripting via Width Parameter
CVSS 6.4
CVE-2024-13501
MEDIUM
WP-FormAssembly <= 2.0.11 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-13464
MEDIUM
Library Bookshelves <= 5.10 - Authenticated Stored Cross-Site Scripting via Bookshelf Shortcode
CVSS 6.4
CVE-2024-12813
MEDIUM
Open Hours - Easy Opening Hours <= 1.0.9 - Authenticated Stored Cross-Site Scripting via Shortcode Attribute
CVSS 6.4
CVE-2024-12525
MEDIUM
Easy MLS Listings Import <= 2.0.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-13627
MEDIUM
OWL Carousel Slider < 2.2 - Reflected Cross-Site Scripting
CVSS 4.7
CVE-2024-13626
HIGH
VR-Frases < 3.0.1 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13625
HIGH
Tube Video Ads Lite < 1.5.7 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13603
MEDIUM
Wise Forms WordPress Plugin < 1.2.0 - Unauthenticated Stored Cross-Site Scripting via Form Submission
CVSS 6.1
CVE-2024-44044
HIGH
Oshine Modules < 3.3.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-13563
MEDIUM
Front End Users <= 3.2.30 - Authenticated Stored Cross-Site Scripting via Forgot-Password Shortcode
CVSS 6.4
CVE-2024-13306
MEDIUM
Maps Plugin using Google Maps for WordPress <1.9.4 - XSS
CVSS 4.3
CVE-2024-13208
MEDIUM
Maps Plugin using Google Maps for WordPress <1.9.4 - XSS
CVSS 4.3
Details
Vulnerabilities
45,298
Exploit Likelihood
High