CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,371 vulnerabilities with CWE-79
CVE-2024-12411 MEDIUM
WP Ad Guru - WordPress <2.5.4 - XSS
CVSS 6.1
CVE-2024-11894 MEDIUM
The Permalinker <= 1.8.1 - Authenticated Stored Cross-Site Scripting via Permalink Shortcode
CVSS 6.4
CVE-2024-11889 MEDIUM
My IDX Home Search <= 2.1.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11888 MEDIUM
IDer Login for WordPress <= 2.1 - Authenticated Stored Cross-Site Scripting via ider_login_button Shortcode
CVSS 6.4
CVE-2024-11884 MEDIUM
Wp photo text slider 50 <= 8.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11883 MEDIUM
Connatix Video Embed <= 1.0.5 - Authenticated Stored Cross-Site Scripting via cnx_script_code Shortcode
CVSS 6.4
CVE-2024-11877 MEDIUM
Cricket Live Score <= 2.0.2 - Authenticated Stored Cross-Site Scripting via cricket_score Shortcode
CVSS 6.4
CVE-2024-11876 MEDIUM
Kredeum NFTs < 1.6.9 - Authenticated Stored Cross-Site Scripting via 'kredeum_opensky' Shortcode
CVSS 6.4
CVE-2024-11873 MEDIUM
glomex oEmbed <= 0.9.1 - Authenticated Stored Cross-Site Scripting via glomex_integration Shortcode
CVSS 6.4
CVE-2024-11869 MEDIUM
Buk for WordPress <= 1.0.7 - Authenticated Stored Cross-Site Scripting via 'buk' Shortcode
CVSS 6.4
CVE-2024-11867 MEDIUM
Companion Portfolio - Responsive Portfolio Plugin <2.4.0.1 - XSS
CVSS 6.4
CVE-2024-11865 MEDIUM
Tabs Maker <= 1.0 - Authenticated Stored Cross-Site Scripting in Tab Descriptions
CVSS 6.4
CVE-2024-11855 MEDIUM
Koalendar - Events & Appointments Booking Calendar <1.0.2 - XSS
CVSS 6.4
CVE-2024-11770 MEDIUM
Post Carousel & Slider <1.0.4 - XSS
CVSS 6.4
CVE-2024-11763 MEDIUM
Plezi <= 1.0.6 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11759 MEDIUM
Bukza < 2.0.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11755 MEDIUM
WordPress IMS Countdown <1.3.4 - XSS
CVSS 6.4
CVE-2024-11751 MEDIUM
TCBD Popover <= 1.2 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11462 MEDIUM
Filestack < 2.0.0 & Filestack WP Upload < 2.1.0 - Unauthenticated XSS via fstab & filestack_options
CVSS 6.1
CVE-2024-11095 MEDIUM
Visualmodo Elements <= 1.0.2 - Authenticated Stored Cross-Site Scripting via REST API SVG File Upload
CVSS 6.4
CVE-2024-55890 MEDIUM
dtale < 3.16.1 - Remote Code Execution via Custom Filter Settings
CVE-2024-54139 HIGH
Combodo iTop <2.7.11, <3.1.2, <3.2.0 - XSS
CVSS 7.9
CVE-2024-54349 MEDIUM
mashiurz.com Plain Post <1.0.3 - XSS
CVSS 6.5
CVE-2024-54347 HIGH
BAKKBONE Australia FloristPress <7.2.0 - XSS
CVSS 7.1
CVE-2024-54346 MEDIUM
Barter <= 1.6 - DOM-Based Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities 45,371
Exploit Likelihood High