CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,417 vulnerabilities with CWE-79
CVE-2024-11447 MEDIUM
The Community by PeepSo - Download from PeepSo.com <7.0.3.0 - XSS
CVSS 6.1
CVE-2024-11440 MEDIUM
Grey Owl Lightbox <= 1.6.1 - Authenticated Stored Cross-Site Scripting via gol_button Shortcode
CVSS 6.4
CVE-2024-11438 MEDIUM
StreamWeasels Online Status Bar <2.1.9 - XSS
CVSS 6.4
CVE-2024-11435 MEDIUM
Salavat counter Plugin <0.9.1 - XSS
CVSS 6.1
CVE-2024-11432 MEDIUM
SuevaFree Essential Kit <1.1.3 - XSS
CVSS 6.4
CVE-2024-11428 MEDIUM
WordPress Lazy Load Videos & Sticky Control <3.0.0 - XSS
CVSS 6.4
CVE-2024-11424 MEDIUM
Slick Sitemap <= 2.0.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11414 MEDIUM
RecipePress Reloaded <= 2.12.0 - Authenticated Stored Cross-Site Scripting via Recipe Ingredients
CVSS 6.4
CVE-2024-11412 MEDIUM
Shine PDF Embeder <= 1.0 - Authenticated Stored Cross-Site Scripting via shinepdf Shortcode
CVSS 6.4
CVE-2024-11388 MEDIUM
Dino Game WordPress <= 1.1.0 - Authenticated Stored XSS via Shortcode
CVSS 6.4
CVE-2024-11385 MEDIUM
Pure CSS Circle Progress bar <1.2 - XSS
CVSS 6.4
CVE-2024-11371 MEDIUM
Theater for WordPress <0.18.6.2 - XSS
CVSS 6.1
CVE-2024-11370 MEDIUM
Subaccounts for WooCommerce <1.6.0 - XSS
CVSS 6.1
CVE-2024-11365 MEDIUM
Crypto DeFi Widgets - WordPress <1.1.6 - XSS
CVSS 6.1
CVE-2024-11360 MEDIUM
Page Parts <= 1.4.3 - Unauthenticated Reflected Cross-Site Scripting via remove_query_arg
CVSS 6.1
CVE-2024-10890 MEDIUM
WPAdverts - Classifieds Plugin <2.1.7 - XSS
CVSS 6.1
CVE-2024-10792 MEDIUM
WPFunnels <= 3.5.5 - Unauthenticated Reflected XSS via post_id
CVSS 6.1
CVE-2024-10788 HIGH
Activity Log <= 2.11.1 - Unauthenticated Stored XSS via Event Parameters
CVSS 7.2
CVE-2024-10785 MEDIUM
Gutenberg Blocks with AI by Kadence WP < 3.3.4 - Authenticated Stored Cross-Site Scripting via Countdown Widget
CVSS 6.4
CVE-2024-10682 MEDIUM
Announcement & Notification Banner - Bulletin <3.11.7 - XSS
CVSS 6.1
CVE-2024-10675 MEDIUM
WordPress affiliate-toolkit <3.6.7 - XSS
CVSS 6.1
CVE-2024-10623 MEDIUM
ForumEngine <= 1.8 - Unauthenticated Reflected Cross-Site Scripting via URL
CVSS 6.1
CVE-2024-10522 MEDIUM
WordPress Co-marquage service-public.fr plugin <=0.5.76 - XSS
CVSS 6.1
CVE-2024-10482 MEDIUM
Media File Rename < 1.5.0 - Authenticated Stored XSS via SVG Upload
CVSS 5.4
CVE-2024-10177 MEDIUM
Beds24 Online Booking <2.0.26 - XSS
CVSS 6.4
Details
Vulnerabilities 45,417
Exploit Likelihood High