CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,390 vulnerabilities with CWE-79
CVE-2024-9881
MEDIUM
LearnPress < 4.2.7.2 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-9641
MEDIUM
LuckyWP Table of Contents < 2.1.7 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-9428
MEDIUM
Popup Builder < 4.3.5 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-12072
MEDIUM
Analytics Cat - Google Analytics Made Easy <1.1.2 - XSS
CVSS 6.1
CVE-2024-11882
MEDIUM
FAQ And Answers <= 1.1.0 - Authenticated Stored XSS via 'faq' Shortcode
CVSS 6.4
CVE-2024-11871
MEDIUM
Social Media Shortcodes <1.3.0 - XSS
CVSS 6.4
CVE-2024-11785
MEDIUM
Integrate Firebase plugin <0.9.3 - XSS
CVSS 6.4
CVE-2024-11781
MEDIUM
Smart Agenda - WordPress <4.6 - XSS
CVSS 6.4
CVE-2024-11766
MEDIUM
WordPress Book Plugin <= 1.3.1 - Authenticated Stored XSS via gs_book_showcase Shortcode
CVSS 6.4
CVE-2024-11765
MEDIUM
WordPress Portfolio Plugin <1.6.3 - XSS
CVSS 6.4
CVE-2024-11757
MEDIUM
WP GeoNames <= 1.9.0.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11359
MEDIUM
Library Bookshelves <= 5.8 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-11052
HIGH
Ninja Forms < 3.8.19 - Unauthenticated Stored Cross-Site Scripting via Calculations Parameter
CVSS 7.2
CVE-2024-10637
MEDIUM
Gutenberg Blocks with AI by Kadence WP < 3.2.54 - Stored Cross-Site Scripting via Block Options
CVSS 5.4
CVE-2024-10568
MEDIUM
Ajax Search Lite < 4.12.4 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.7
CVE-2024-10518
MEDIUM
ProfilePress < 4.15.15 - Authenticated Stored Cross-Site Scripting in Membership Plan Settings
CVSS 4.8
CVE-2024-10517
MEDIUM
ProfilePress < 4.15.15 - Authenticated Stored Cross-Site Scripting in Drag & Drop Builder Fields
CVSS 4.8
CVE-2024-10010
MEDIUM
LearnPress < 4.2.7.2 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-12463
MEDIUM
Arena.IM < 0.4.1 - Authenticated Stored XSS via arena_embed_amp Shortcode
CVSS 6.4
CVE-2024-12441
MEDIUM
BP Email Assign Templates <1.5 - XSS
CVSS 6.1
CVE-2024-12162
MEDIUM
Video & Photo Gallery for Ultimate Member <1.1.1 - XSS
CVSS 6.1
CVE-2024-12156
MEDIUM
WordPress Autoblogging SEO Help <6.1.3 - XSS
CVSS 6.1
CVE-2024-11891
MEDIUM
Perfect Font Awesome Integration <2.3 - XSS
CVSS 6.4
CVE-2024-11875
MEDIUM
Add infos to The Events Calendar <= 1.4.1 - Authenticated Stored Cross-Site Scripting via 'fuss' Shortcode
CVSS 6.4
CVE-2024-11804
MEDIUM
Planaday API <= 11.4 - Unauthenticated Reflected Cross-Site Scripting via Tab Parameter
CVSS 6.1
Details
Vulnerabilities
45,390
Exploit Likelihood
High