CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,300 vulnerabilities with CWE-79
CVE-2024-13222 MEDIUM
User Messages WordPress Plugin <= 1.2.4 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13221 MEDIUM
Fantastic ElasticSearch WP <4.1.0 - XSS
CVSS 6.1
CVE-2024-13220 MEDIUM
WordPress Google Map Professional <1.0 - XSS
CVSS 6.1
CVE-2024-13219 MEDIUM
Privacy Policy Genius WP <2.0.4 - XSS
CVSS 6.1
CVE-2024-13218 MEDIUM
Fast Tube < 2.3.1 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13112 MEDIUM
WP MediaTagger < 4.1.1 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-13101 MEDIUM
WP MediaTagger < 4.1.1 - Stored Cross-Site Scripting via Shortcode Attributes
CVSS 5.4
CVE-2024-13100 MEDIUM
OPSI Israel Domestic Shipments WP <2.6.3 - XSS
CVSS 6.1
CVE-2024-12872 MEDIUM
Honzaskypala Zalomeni < 1.5 - XSS
CVSS 4.8
CVE-2024-12772 MEDIUM
Ninja Tables < 5.0.17 - Stored Cross-Site Scripting via CSV Import Parameter
CVSS 5.4
CVE-2024-12275 MEDIUM
Canvasflow < 1.5.5 - Reflected Cross-Site Scripting via Unsanitized Parameter
CVSS 6.1
CVE-2024-11886 MEDIUM
vCita Contact Form & CTA <=2.7.1 - Authenticated Stored XSS via vCitaMeetingScheduler Shortcode
CVSS 6.4
CVE-2024-10867 MEDIUM
Borderless < 1.6.2 - Authenticated Stored XSS via SVG Upload
CVSS 5.4
CVE-2024-13463 MEDIUM
SeatReg <= 1.56.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-13399 MEDIUM
Gosign - Posts Slider Block <1.1.0 - XSS
CVSS 6.4
CVE-2024-13397 MEDIUM
WPRadio - WordPress Radio Streaming Plugin <1.0.4 - XSS
CVSS 6.4
CVE-2024-13396 MEDIUM
Frictionless <= 0.0.23 - Authenticated Stored Cross-Site Scripting via frictionless_form Shortcode
CVSS 6.4
CVE-2024-55416 LOW
DevDojo Voyager < 1.8.0 - Reflected Cross-Site Scripting via Compass Endpoint
CVSS 3.5
CVE-2024-13705 MEDIUM
StageShow < 9.8.6 - Unauthenticated Reflected Cross-Site Scripting via remove_query_arg
CVSS 6.1
CVE-2024-13700 MEDIUM
Embed Swagger UI <= 1.0.0 - Authenticated Stored Cross-Site Scripting via wpsgui Shortcode
CVSS 6.4
CVE-2024-13670 MEDIUM
Music Sheet Viewer < 4.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-13664 MEDIUM
WP Post List Table <= 1.0.3 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-13661 MEDIUM
Table Editor <= 1.5.1 - Authenticated Stored Cross-Site Scripting via wptableeditor_vtabs Shortcode
CVSS 6.4
CVE-2024-13549 MEDIUM
All Bootstrap Blocks <= 1.3.26 - Authenticated Stored Cross-Site Scripting via Accordion Widget
CVSS 6.4
CVE-2024-13460 MEDIUM
WE - Testimonial Slider <= 1.5 - Authenticated Stored Cross-Site Scripting via Testimonial Author Names
CVSS 6.4
Details
Vulnerabilities 45,300
Exploit Likelihood High