CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,417 vulnerabilities with CWE-79
CVE-2024-11447
MEDIUM
The Community by PeepSo - Download from PeepSo.com <7.0.3.0 - XSS
CVSS 6.1
CVE-2024-11440
MEDIUM
Grey Owl Lightbox <= 1.6.1 - Authenticated Stored Cross-Site Scripting via gol_button Shortcode
CVSS 6.4
CVE-2024-11438
MEDIUM
StreamWeasels Online Status Bar <2.1.9 - XSS
CVSS 6.4
CVE-2024-11435
MEDIUM
Salavat counter Plugin <0.9.1 - XSS
CVSS 6.1
CVE-2024-11432
MEDIUM
SuevaFree Essential Kit <1.1.3 - XSS
CVSS 6.4
CVE-2024-11428
MEDIUM
WordPress Lazy Load Videos & Sticky Control <3.0.0 - XSS
CVSS 6.4
CVE-2024-11424
MEDIUM
Slick Sitemap <= 2.0.0 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11414
MEDIUM
RecipePress Reloaded <= 2.12.0 - Authenticated Stored Cross-Site Scripting via Recipe Ingredients
CVSS 6.4
CVE-2024-11412
MEDIUM
Shine PDF Embeder <= 1.0 - Authenticated Stored Cross-Site Scripting via shinepdf Shortcode
CVSS 6.4
CVE-2024-11388
MEDIUM
Dino Game WordPress <= 1.1.0 - Authenticated Stored XSS via Shortcode
CVSS 6.4
CVE-2024-11385
MEDIUM
Pure CSS Circle Progress bar <1.2 - XSS
CVSS 6.4
CVE-2024-11371
MEDIUM
Theater for WordPress <0.18.6.2 - XSS
CVSS 6.1
CVE-2024-11370
MEDIUM
Subaccounts for WooCommerce <1.6.0 - XSS
CVSS 6.1
CVE-2024-11365
MEDIUM
Crypto DeFi Widgets - WordPress <1.1.6 - XSS
CVSS 6.1
CVE-2024-11360
MEDIUM
Page Parts <= 1.4.3 - Unauthenticated Reflected Cross-Site Scripting via remove_query_arg
CVSS 6.1
CVE-2024-10890
MEDIUM
WPAdverts - Classifieds Plugin <2.1.7 - XSS
CVSS 6.1
CVE-2024-10792
MEDIUM
WPFunnels <= 3.5.5 - Unauthenticated Reflected XSS via post_id
CVSS 6.1
CVE-2024-10788
HIGH
Activity Log <= 2.11.1 - Unauthenticated Stored XSS via Event Parameters
CVSS 7.2
CVE-2024-10785
MEDIUM
Gutenberg Blocks with AI by Kadence WP < 3.3.4 - Authenticated Stored Cross-Site Scripting via Countdown Widget
CVSS 6.4
CVE-2024-10682
MEDIUM
Announcement & Notification Banner - Bulletin <3.11.7 - XSS
CVSS 6.1
CVE-2024-10675
MEDIUM
WordPress affiliate-toolkit <3.6.7 - XSS
CVSS 6.1
CVE-2024-10623
MEDIUM
ForumEngine <= 1.8 - Unauthenticated Reflected Cross-Site Scripting via URL
CVSS 6.1
CVE-2024-10522
MEDIUM
WordPress Co-marquage service-public.fr plugin <=0.5.76 - XSS
CVSS 6.1
CVE-2024-10482
MEDIUM
Media File Rename < 1.5.0 - Authenticated Stored XSS via SVG Upload
CVSS 5.4
CVE-2024-10177
MEDIUM
Beds24 Online Booking <2.0.26 - XSS
CVSS 6.4
Details
Vulnerabilities
45,417
Exploit Likelihood
High