CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,858 vulnerabilities with CWE-79
CVE-2026-4303 MEDIUM
WP Visitor Statistics (Real Time Traffic) <= 8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'height' Shortcode Attribute
CVSS 6.4
CVE-2026-4300 MEDIUM
Robo Gallery <= 5.1.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'Loading Label' Setting
CVSS 6.4
CVE-2026-4073 MEDIUM
pdfl.io <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'text' Shortcode Attribute
CVSS 6.4
CVE-2026-4025 MEDIUM
PrivateContent Free <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'align' Shortcode Attribute
CVSS 6.4
CVE-2026-39708 MEDIUM
WordPress UiCore Elements plugin <= 1.3.14 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-39703 MEDIUM
WordPress WPBITS Addons For Elementor Page Builder plugin <= 1.8.1 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-39702 MEDIUM
WordPress Animation Addons for Elementor plugin <= 2.6.1 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-39696 MEDIUM
WordPress Elfsight WhatsApp Chat CC plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-39693 MEDIUM
WordPress FSM Custom Featured Image Caption plugin <= 1.25.1 - Cross Site Scripting (XSS) vulnerability
CVSS 5.9
CVE-2026-39692 MEDIUM
WordPress tagDiv Composer plugin <= 5.4.3 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-39683 MEDIUM
WordPress Garden Gnome Package plugin <= 2.4.1 - Cross Site Scripting (XSS) vulnerability
CVSS 5.9
CVE-2026-39674 MEDIUM
WordPress MK Google Directions plugin <= 3.1.1 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-39667 MEDIUM
WordPress Korea SNS plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability
CVSS 5.9
CVE-2026-39666 MEDIUM
WordPress Hello Bar Popup Builder plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-39665 MEDIUM
WordPress SEO Friendly Images plugin <= 3.0.5 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-39654 MEDIUM
WordPress WP Simple HTML Sitemap plugin <= 3.8 - Cross Site Scripting (XSS) vulnerability
CVSS 5.9
CVE-2026-39646 MEDIUM
WordPress Leaflet Map plugin <= 3.4.4 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-39638 MEDIUM
WordPress Qubely plugin <= 1.8.14 - Cross Site Scripting (XSS) vulnerability
CVSS 5.9
CVE-2026-39636 MEDIUM
WordPress Livemesh Addons for Elementor plugin <= 9.0 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-39615 MEDIUM
WordPress Download Manager plugin <= 3.3.53 - Cross Site Scripting (XSS) vulnerability
CVSS 5.9
CVE-2026-39604 MEDIUM
WordPress MyBookTable Bookstore plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability
CVSS 5.9
CVE-2026-39575 MEDIUM
WordPress Custom Query Blocks plugin <= 5.5.0 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-39541 MEDIUM
WordPress Hydra Booking plugin <= 1.1.38 - Cross Site Scripting (XSS) vulnerability
CVSS 5.9
CVE-2026-39517 MEDIUM
WordPress Blog Filter plugin <= 1.7.6 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-39508 MEDIUM
WordPress Advanced Coupons for WooCommerce Coupons plugin <= 4.7.1.1 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
Details
Vulnerabilities 44,858
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits