CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,390 vulnerabilities with CWE-79
CVE-2024-9881 MEDIUM
LearnPress < 4.2.7.2 - Authenticated Stored Cross-Site Scripting in Settings
CVSS 4.8
CVE-2024-9641 MEDIUM
LuckyWP Table of Contents < 2.1.7 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-9428 MEDIUM
Popup Builder < 4.3.5 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-12072 MEDIUM
Analytics Cat - Google Analytics Made Easy <1.1.2 - XSS
CVSS 6.1
CVE-2024-11882 MEDIUM
FAQ And Answers <= 1.1.0 - Authenticated Stored XSS via 'faq' Shortcode
CVSS 6.4
CVE-2024-11871 MEDIUM
Social Media Shortcodes <1.3.0 - XSS
CVSS 6.4
CVE-2024-11785 MEDIUM
Integrate Firebase plugin <0.9.3 - XSS
CVSS 6.4
CVE-2024-11781 MEDIUM
Smart Agenda - WordPress <4.6 - XSS
CVSS 6.4
CVE-2024-11766 MEDIUM
WordPress Book Plugin <= 1.3.1 - Authenticated Stored XSS via gs_book_showcase Shortcode
CVSS 6.4
CVE-2024-11765 MEDIUM
WordPress Portfolio Plugin <1.6.3 - XSS
CVSS 6.4
CVE-2024-11757 MEDIUM
WP GeoNames <= 1.9.0.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11359 MEDIUM
Library Bookshelves <= 5.8 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-11052 HIGH
Ninja Forms < 3.8.19 - Unauthenticated Stored Cross-Site Scripting via Calculations Parameter
CVSS 7.2
CVE-2024-10637 MEDIUM
Gutenberg Blocks with AI by Kadence WP < 3.2.54 - Stored Cross-Site Scripting via Block Options
CVSS 5.4
CVE-2024-10568 MEDIUM
Ajax Search Lite < 4.12.4 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.7
CVE-2024-10518 MEDIUM
ProfilePress < 4.15.15 - Authenticated Stored Cross-Site Scripting in Membership Plan Settings
CVSS 4.8
CVE-2024-10517 MEDIUM
ProfilePress < 4.15.15 - Authenticated Stored Cross-Site Scripting in Drag & Drop Builder Fields
CVSS 4.8
CVE-2024-10010 MEDIUM
LearnPress < 4.2.7.2 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-12463 MEDIUM
Arena.IM < 0.4.1 - Authenticated Stored XSS via arena_embed_amp Shortcode
CVSS 6.4
CVE-2024-12441 MEDIUM
BP Email Assign Templates <1.5 - XSS
CVSS 6.1
CVE-2024-12162 MEDIUM
Video & Photo Gallery for Ultimate Member <1.1.1 - XSS
CVSS 6.1
CVE-2024-12156 MEDIUM
WordPress Autoblogging SEO Help <6.1.3 - XSS
CVSS 6.1
CVE-2024-11891 MEDIUM
Perfect Font Awesome Integration <2.3 - XSS
CVSS 6.4
CVE-2024-11875 MEDIUM
Add infos to The Events Calendar <= 1.4.1 - Authenticated Stored Cross-Site Scripting via 'fuss' Shortcode
CVSS 6.4
CVE-2024-11804 MEDIUM
Planaday API <= 11.4 - Unauthenticated Reflected Cross-Site Scripting via Tab Parameter
CVSS 6.1
Details
Vulnerabilities 45,390
Exploit Likelihood High