CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,371 vulnerabilities with CWE-79
CVE-2024-12411
MEDIUM
WP Ad Guru - WordPress <2.5.4 - XSS
CVSS 6.1
CVE-2024-11894
MEDIUM
The Permalinker <= 1.8.1 - Authenticated Stored Cross-Site Scripting via Permalink Shortcode
CVSS 6.4
CVE-2024-11889
MEDIUM
My IDX Home Search <= 2.1.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11888
MEDIUM
IDer Login for WordPress <= 2.1 - Authenticated Stored Cross-Site Scripting via ider_login_button Shortcode
CVSS 6.4
CVE-2024-11884
MEDIUM
Wp photo text slider 50 <= 8.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11883
MEDIUM
Connatix Video Embed <= 1.0.5 - Authenticated Stored Cross-Site Scripting via cnx_script_code Shortcode
CVSS 6.4
CVE-2024-11877
MEDIUM
Cricket Live Score <= 2.0.2 - Authenticated Stored Cross-Site Scripting via cricket_score Shortcode
CVSS 6.4
CVE-2024-11876
MEDIUM
Kredeum NFTs < 1.6.9 - Authenticated Stored Cross-Site Scripting via 'kredeum_opensky' Shortcode
CVSS 6.4
CVE-2024-11873
MEDIUM
glomex oEmbed <= 0.9.1 - Authenticated Stored Cross-Site Scripting via glomex_integration Shortcode
CVSS 6.4
CVE-2024-11869
MEDIUM
Buk for WordPress <= 1.0.7 - Authenticated Stored Cross-Site Scripting via 'buk' Shortcode
CVSS 6.4
CVE-2024-11867
MEDIUM
Companion Portfolio - Responsive Portfolio Plugin <2.4.0.1 - XSS
CVSS 6.4
CVE-2024-11865
MEDIUM
Tabs Maker <= 1.0 - Authenticated Stored Cross-Site Scripting in Tab Descriptions
CVSS 6.4
CVE-2024-11855
MEDIUM
Koalendar - Events & Appointments Booking Calendar <1.0.2 - XSS
CVSS 6.4
CVE-2024-11770
MEDIUM
Post Carousel & Slider <1.0.4 - XSS
CVSS 6.4
CVE-2024-11763
MEDIUM
Plezi <= 1.0.6 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11759
MEDIUM
Bukza < 2.0.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11755
MEDIUM
WordPress IMS Countdown <1.3.4 - XSS
CVSS 6.4
CVE-2024-11751
MEDIUM
TCBD Popover <= 1.2 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11462
MEDIUM
Filestack < 2.0.0 & Filestack WP Upload < 2.1.0 - Unauthenticated XSS via fstab & filestack_options
CVSS 6.1
CVE-2024-11095
MEDIUM
Visualmodo Elements <= 1.0.2 - Authenticated Stored Cross-Site Scripting via REST API SVG File Upload
CVSS 6.4
CVE-2024-55890
MEDIUM
dtale < 3.16.1 - Remote Code Execution via Custom Filter Settings
CVE-2024-54139
HIGH
Combodo iTop <2.7.11, <3.1.2, <3.2.0 - XSS
CVSS 7.9
CVE-2024-54349
MEDIUM
mashiurz.com Plain Post <1.0.3 - XSS
CVSS 6.5
CVE-2024-54347
HIGH
BAKKBONE Australia FloristPress <7.2.0 - XSS
CVSS 7.1
CVE-2024-54346
MEDIUM
Barter <= 1.6 - DOM-Based Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities
45,371
Exploit Likelihood
High