CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,300 vulnerabilities with CWE-79
CVE-2024-13599
MEDIUM
LearnPress - WordPress LMS Plugin <= 4.2.7.5 - Authenticated Stored Cross-Site Scripting via Lesson Name
CVSS 6.4
CVE-2024-13586
MEDIUM
Masy Gallery < 1.7 - Authenticated Stored Cross-Site Scripting via Justified Gallery Shortcode
CVSS 6.4
CVE-2024-13551
MEDIUM
ABC Notation < 6.1.3 - Authenticated Stored Cross-Site Scripting via 'abcjs' Shortcode
CVSS 6.4
CVE-2024-13548
MEDIUM
Power Ups for Elementor <= 1.2.2 - Authenticated Stored Cross-Site Scripting via Magic-Button Shortcode
CVSS 6.4
CVE-2024-13467
MEDIUM
WP Contact Form7 Email Spam Blocker <1.0.0 - XSS
CVSS 6.1
CVE-2024-13458
MEDIUM
WordPress SEO Friendly Accordion FAQ <2.2.1 - XSS
CVSS 6.4
CVE-2024-13441
MEDIUM
Bilingual Linker <= 2.4 - Authenticated Stored Cross-Site Scripting via bl_otherlang_link_1 Parameter
CVSS 6.4
CVE-2024-12817
MEDIUM
Etsy Importer <= 1.4.2 - Authenticated Stored Cross-Site Scripting via Product Link Shortcode
CVSS 6.4
CVE-2024-12816
MEDIUM
NOTICE BOARD BY TOWKIR - WordPress <=3.1 - XSS
CVSS 6.4
CVE-2024-12529
MEDIUM
Brodos.net Onlineshop Plugin <2.0.2 - XSS
CVSS 6.4
CVE-2024-12512
MEDIUM
WordPress Ask Me Anything <1.6 - XSS
CVSS 6.4
CVE-2024-12076
MEDIUM
Target Video Easy Publish <3.8.3 - CSRF
CVSS 6.1
CVE-2024-11825
MEDIUM
Broadstreet <= 1.51.0 - Authenticated Stored Cross-Site Scripting via Zone Parameter
CVSS 6.4
CVE-2024-10552
MEDIUM
Flexmls IDX Plugin <= 3.14.26 - Authenticated Stored Cross-Site Scripting via API Key and Secret Parameters
CVSS 6.4
CVE-2024-57277
MEDIUM
InnoShop <= 0.3.8 - Stored Cross-Site Scripting via SVG File Upload
CVSS 5.7
CVE-2024-57041
MEDIUM
NodeBB < 3.11.1 - Stored Cross-Site Scripting in Profile About Me Section
CVSS 4.6
CVE-2024-13572
MEDIUM
WordPress Precious Metals Charts <=1.2.8 - Authenticated Stored XSS via nfusion-widget
CVSS 6.4
CVE-2024-13542
MEDIUM
WP Google Street View < 1.1.3 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-13354
MEDIUM
Responsive Addons for Elementor - WordPress <1.6.4 - XSS
CVSS 6.4
CVE-2024-13583
MEDIUM
Simple Gallery with Filter < 2.0 - Authenticated Stored Cross-Site Scripting via c2tw_sgwf Shortcode
CVSS 6.4
CVE-2024-12494
MEDIUM
BMLT Meeting Map < 2.6.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-13659
MEDIUM
Listamester <= 2.3.4 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-57556
MEDIUM
nbubna/store < 2.14.2 - Cross-Site Scripting via store.deep.js Component
CVSS 6.1
CVE-2024-57386
MEDIUM
Wallos 2.41.0 - Stored Cross-Site Scripting via Profile Picture Function
CVSS 6.1
CVE-2024-57329
MEDIUM
HortusFox 3.9 - Stored Cross-Site Scripting in Add Plant Name Input
CVSS 5.4
Details
Vulnerabilities
45,300
Exploit Likelihood
High