CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,414 vulnerabilities with CWE-79
CVE-2024-54207
MEDIUM
Owen Cutajar & Hyder Jaffari WordPress Auction Plugin <3.7 - XSS
CVSS 5.9
CVE-2024-54206
MEDIUM
URBAN BASE Z-Downloads <1.11.7 - XSS
CVSS 5.9
CVE-2024-53823
MEDIUM
The Plus Addons for Elementor Page Builder Lite <= 5.6.14 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-53821
HIGH
Genetech Pie Register Premium <3.8.3.3 - XSS
CVSS 7.1
CVE-2024-53820
MEDIUM
Captivate Sync <= 2.0.22 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-53812
HIGH
WP GeoNames <= 1.8 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-53802
MEDIUM
FuturioWP Futurio Extra <2.0.14 - XSS
CVSS 6.5
CVE-2024-53801
MEDIUM
BoldThemes Bold Page Builder <5.2.1 - XSS
CVSS 6.5
CVE-2024-53797
MEDIUM
Beaver Builder <= 2.8.4.3 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-53796
MEDIUM
Themesflat Addons For Elementor <2.2.2 - XSS
CVSS 6.5
CVE-2024-53794
MEDIUM
LOOS,Inc. Arkhe Blocks <2.27.0 - XSS
CVSS 6.5
CVE-2024-4633
MEDIUM
Slider & Popup Builder by Depicter < 3.2.1 - Authenticated Stored Cross-Site Scripting via addExtraMimeType Function
CVSS 6.4
CVE-2024-11321
MEDIUM
Hi e-learning LMS <06.12.2024 - XSS
CVSS 5.4
CVE-2024-9872
MEDIUM
WordPress vcita < 4.5.1 - Authenticated Stored XSS via vcita_save_user_data_callback
CVSS 5.4
CVE-2024-9866
MEDIUM
Event Tickets with Ticket Scanner <2.4.4 - XSS
CVSS 5.4
CVE-2024-12060
MEDIUM
WP Media Optimizer (.webp) <= 1.4.0 - Unauthenticated Reflected Cross-Site Scripting via CSS and JS Resource Parameters
CVSS 6.1
CVE-2024-11823
MEDIUM
WordPress Folder Gallery <1.7.4 - XSS
CVSS 6.1
CVE-2024-11687
MEDIUM
WordPress Next-Cart Store <3.9.2 - XSS
CVSS 6.1
CVE-2024-11450
MEDIUM
ONLYOFFICE Docs <= 2.0.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11368
MEDIUM
Splash Sync <= 2.0.7 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-11352
MEDIUM
TwentyTwenty <= 1.0.1 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11339
MEDIUM
Smart PopUp Blaster <= 1.4.3 - Authenticated Stored Cross-Site Scripting via 'spb-button' Shortcode
CVSS 6.4
CVE-2024-11276
MEDIUM
PDF Builder for WooCommerce <1.2.136 - XSS
CVSS 6.1
CVE-2024-11204
MEDIUM
ForumWP - Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting via URL Parameter
CVSS 6.1
CVE-2024-10879
MEDIUM
ForumWP <= 2.1.2 - Unauthenticated Reflected XSS via add_query_arg/remove_query_arg
CVSS 6.1
Details
Vulnerabilities
45,414
Exploit Likelihood
High