CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,364 vulnerabilities with CWE-79
CVE-2024-12438 MEDIUM
WooCommerce Digital Content Delivery - FlickRocket <4.74 - XSS
CVSS 6.1
CVE-2024-12384 MEDIUM
Binary MLM Woocommerce < 2.0 - Unauthenticated Reflected Cross-Site Scripting via Page Parameter
CVSS 6.1
CVE-2024-12261 MEDIUM
SmartEmailing.cz < 2.2.0 - Unauthenticated Reflected Cross-Site Scripting via se-lists-updated Parameter
CVSS 6.1
CVE-2024-12073 MEDIUM
Meteor Slides < 1.5.7 - Authenticated Stored Cross-Site Scripting via slide_url_value Parameter
CVSS 6.4
CVE-2024-11887 MEDIUM
Geo Content < 6.0 - Authenticated Stored Cross-Site Scripting via geotargetlygeocontent Shortcode
CVSS 6.4
CVE-2024-11756 MEDIUM
SweepWidget <= 2.0.6 - Authenticated Stored XSS via Shortcode Attributes
CVSS 6.4
CVE-2024-11749 MEDIUM
App Embed <= 2.3.2 - Authenticated Stored Cross-Site Scripting via 'appizy' Shortcode
CVSS 6.4
CVE-2024-11606 MEDIUM
Tabs Shortcode WordPress <2.0.2 - XSS
CVSS 5.3
CVE-2024-11369 MEDIUM
Store credit / Gift cards for woocommerce <= 1.0.49.46 - Reflected XSS via Coupon Parameters
CVSS 6.1
CVE-2024-10562 LOW
10Web Form Maker < 1.15.31 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 2.7
CVE-2024-10102 LOW
robo_gallery < 3.2.22 - Authenticated Stored Cross-Site Scripting in Gallery Settings
CVSS 2.7
CVE-2024-9208 MEDIUM
Enable Accessibility <= 1.4.1 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg and remove_query_arg
CVSS 6.1
CVE-2024-12462 MEDIUM
YOGO Booking <= 1.6.2 - Authenticated Stored Cross-Site Scripting via yogo-calendar Shortcode
CVSS 6.4
CVE-2024-12457 MEDIUM
Chat Support for Viber - Chat Bubble and Chat Button for Gutenberg,...
CVSS 6.4
CVE-2024-12453 MEDIUM
Uptodown APK Download Widget <0.1.2 - XSS
CVSS 6.4
CVE-2024-12445 MEDIUM
RightMessage WP <= 0.9.7 - Authenticated Stored Cross-Site Scripting via rm_area Shortcode
CVSS 6.4
CVE-2024-12435 MEDIUM
Compare Products for WooCommerce <= 3.2.1 - Unauthenticated Reflected Cross-Site Scripting via s_feature Parameter
CVSS 6.1
CVE-2024-12324 MEDIUM
Unilevel MLM Plan <= 1.1.0 - Unauthenticated Reflected Cross-Site Scripting via Page Parameter
CVSS 6.1
CVE-2024-12290 MEDIUM
Infility Global <= 2.9.8 - Unauthenticated Reflected Cross-Site Scripting via set_type Parameter
CVSS 6.1
CVE-2024-12256 MEDIUM
Simple Video Management System <1.0.4 - XSS
CVSS 6.1
CVE-2024-12214 MEDIUM
WooCommerce HSS Extension <= 3.31 - Unauthenticated XSS via videolink Parameter
CVSS 6.1
CVE-2024-12207 MEDIUM
Toggles Shortcode & Widget <1.14 - XSS
CVSS 4.4
CVE-2024-12153 MEDIUM
GDY Modular Content <= 0.9.92 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-12126 MEDIUM
SEO Keywords <= 1.1.3 - Unauthenticated Reflected Cross-Site Scripting via google_error Parameter
CVSS 6.1
CVE-2024-12049 MEDIUM
Woo Ukrposhta <= 1.17.11 - Unauthenticated Reflected Cross-Site Scripting via Order/Post/IDD Parameters
CVSS 6.1
Details
Vulnerabilities 45,364
Exploit Likelihood High