CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,364 vulnerabilities with CWE-79
CVE-2024-11810
MEDIUM
PayGreen Payment Gateway plugin - XSS
CVSS 6.1
CVE-2024-11690
MEDIUM
Financial Stocks & Crypto Market Data Plugin <1.10.3 - XSS
CVSS 6.1
CVE-2024-11445
MEDIUM
Image Magnify <= 1.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11434
MEDIUM
WP - Bulk SMS - by SMS.to <1.0.12 - XSS
CVSS 6.1
CVE-2024-11383
MEDIUM
CC Canadian Mortgage Calculator <2.1.0 - XSS
CVSS 6.4
CVE-2024-11382
MEDIUM
Common Ninja WordPress Plugin <= 1.1.0 - Authenticated Stored XSS via 'commonninja' Shortcode
CVSS 6.4
CVE-2024-11378
MEDIUM
Bizapp for WooCommerce <2.0.8 - XSS
CVSS 6.1
CVE-2024-11377
MEDIUM
WordPress Automate Hub Free <1.7.0 - XSS
CVSS 6.1
CVE-2024-11375
MEDIUM
WC1C <= 0.23.0 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-11363
MEDIUM
WordPress Related Posts by Taxonomy <=1.0.16 - XSS
CVSS 6.1
CVE-2024-11338
MEDIUM
PIXNET Plugin <= 2.9.10 - Authenticated Stored Cross-Site Scripting via gtm and venue Parameters
CVSS 6.4
CVE-2024-11337
MEDIUM
Horoscope And Tarot < 1.3.0 - Authenticated Stored Cross-Site Scripting via divine_horoscope Shortcode
CVSS 6.4
CVE-2024-12592
MEDIUM
Sellsy < 2.3.3 - Authenticated Stored Cross-Site Scripting via testSellsy Shortcode
CVSS 6.4
CVE-2024-12590
MEDIUM
WP Youtube Gallery <= 1.9 - Authenticated Stored Cross-Site Scripting via ID Parameter
CVSS 6.4
CVE-2024-12528
MEDIUM
WordPress Survey & Poll Plugin <= 1.7.5 - Authenticated Stored XSS via wpsurveypoll_results Shortcode
CVSS 6.4
CVE-2024-12098
MEDIUM
ARS Affiliate Page Plugin <2.0.2 - XSS
CVSS 6.1
CVE-2024-11934
MEDIUM
Formaloo Form Maker & Customer Analytics - XSS
CVSS 6.4
CVE-2024-11899
MEDIUM
Slider Pro Lite <= 1.4.1 - Authenticated Stored Cross-Site Scripting via sliderpro Shortcode
CVSS 6.4
CVE-2024-11777
MEDIUM
Sell Media <= 2.5.8.5 - Authenticated Stored Cross-Site Scripting via Gutenberg Shortcode
CVSS 6.4
CVE-2024-55074
HIGH
grocy < 4.3.0 - Stored Cross-Site Scripting via Profile Picture Upload
CVSS 8.8
CVE-2024-46209
MEDIUM
REDAXO CMS 5.17.1 - Stored Cross-Site Scripting via Password Parameter in /media/test.html
CVSS 5.4
CVE-2024-35498
MEDIUM
Grav 1.7.45 - Stored Cross-Site Scripting
CVSS 6.1
CVE-2024-46073
MEDIUM
IceHRM 32.4.0.OS - Reflected Cross-Site Scripting via Login Page Next Parameter
CVSS 6.1
CVE-2024-51472
LOW
IBM UrbanCode Deploy 7.2-7.2.3.13 and IBM DevOps Deploy 8.0-8.0.1.3 - HTML Injection in Web UI
CVSS 3.1
CVE-2024-51112
MEDIUM
pnetlab 5.3.11 - Open Redirect via Crafted Script
CVSS 6.1
Details
Vulnerabilities
45,364
Exploit Likelihood
High