CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,364 vulnerabilities with CWE-79
CVE-2024-12438
MEDIUM
WooCommerce Digital Content Delivery - FlickRocket <4.74 - XSS
CVSS 6.1
CVE-2024-12384
MEDIUM
Binary MLM Woocommerce < 2.0 - Unauthenticated Reflected Cross-Site Scripting via Page Parameter
CVSS 6.1
CVE-2024-12261
MEDIUM
SmartEmailing.cz < 2.2.0 - Unauthenticated Reflected Cross-Site Scripting via se-lists-updated Parameter
CVSS 6.1
CVE-2024-12073
MEDIUM
Meteor Slides < 1.5.7 - Authenticated Stored Cross-Site Scripting via slide_url_value Parameter
CVSS 6.4
CVE-2024-11887
MEDIUM
Geo Content < 6.0 - Authenticated Stored Cross-Site Scripting via geotargetlygeocontent Shortcode
CVSS 6.4
CVE-2024-11756
MEDIUM
SweepWidget <= 2.0.6 - Authenticated Stored XSS via Shortcode Attributes
CVSS 6.4
CVE-2024-11749
MEDIUM
App Embed <= 2.3.2 - Authenticated Stored Cross-Site Scripting via 'appizy' Shortcode
CVSS 6.4
CVE-2024-11606
MEDIUM
Tabs Shortcode WordPress <2.0.2 - XSS
CVSS 5.3
CVE-2024-11369
MEDIUM
Store credit / Gift cards for woocommerce <= 1.0.49.46 - Reflected XSS via Coupon Parameters
CVSS 6.1
CVE-2024-10562
LOW
10Web Form Maker < 1.15.31 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 2.7
CVE-2024-10102
LOW
robo_gallery < 3.2.22 - Authenticated Stored Cross-Site Scripting in Gallery Settings
CVSS 2.7
CVE-2024-9208
MEDIUM
Enable Accessibility <= 1.4.1 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg and remove_query_arg
CVSS 6.1
CVE-2024-12462
MEDIUM
YOGO Booking <= 1.6.2 - Authenticated Stored Cross-Site Scripting via yogo-calendar Shortcode
CVSS 6.4
CVE-2024-12457
MEDIUM
Chat Support for Viber - Chat Bubble and Chat Button for Gutenberg,...
CVSS 6.4
CVE-2024-12453
MEDIUM
Uptodown APK Download Widget <0.1.2 - XSS
CVSS 6.4
CVE-2024-12445
MEDIUM
RightMessage WP <= 0.9.7 - Authenticated Stored Cross-Site Scripting via rm_area Shortcode
CVSS 6.4
CVE-2024-12435
MEDIUM
Compare Products for WooCommerce <= 3.2.1 - Unauthenticated Reflected Cross-Site Scripting via s_feature Parameter
CVSS 6.1
CVE-2024-12324
MEDIUM
Unilevel MLM Plan <= 1.1.0 - Unauthenticated Reflected Cross-Site Scripting via Page Parameter
CVSS 6.1
CVE-2024-12290
MEDIUM
Infility Global <= 2.9.8 - Unauthenticated Reflected Cross-Site Scripting via set_type Parameter
CVSS 6.1
CVE-2024-12256
MEDIUM
Simple Video Management System <1.0.4 - XSS
CVSS 6.1
CVE-2024-12214
MEDIUM
WooCommerce HSS Extension <= 3.31 - Unauthenticated XSS via videolink Parameter
CVSS 6.1
CVE-2024-12207
MEDIUM
Toggles Shortcode & Widget <1.14 - XSS
CVSS 4.4
CVE-2024-12153
MEDIUM
GDY Modular Content <= 0.9.92 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-12126
MEDIUM
SEO Keywords <= 1.1.3 - Unauthenticated Reflected Cross-Site Scripting via google_error Parameter
CVSS 6.1
CVE-2024-12049
MEDIUM
Woo Ukrposhta <= 1.17.11 - Unauthenticated Reflected Cross-Site Scripting via Order/Post/IDD Parameters
CVSS 6.1
Details
Vulnerabilities
45,364
Exploit Likelihood
High