CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,423 vulnerabilities with CWE-79
CVE-2024-50520
MEDIUM
Ancient World Linked Data <0.2.1 - XSS
CVSS 6.5
CVE-2024-50519
HIGH
Visser Labs Jigoshop - Store Exporter <1.5.8 - XSS
CVSS 7.1
CVE-2024-50518
MEDIUM
Common Ninja Pricer Ninja <2.1.0 - XSS
CVSS 6.5
CVE-2024-50517
MEDIUM
SlovenskoIT a.s. ID-SK Toolkit <1.7.2 - XSS
CVSS 6.5
CVE-2024-50516
MEDIUM
Countdown & Clock <= 3.0.8 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-50515
MEDIUM
Ninja Forms <= 3.8.16 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-50514
MEDIUM
Ninja Forms <= 3.8.16 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-50513
MEDIUM
PostX <= 4.1.15 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-50803
MEDIUM
Redaxo < 5.18.0 - Stored Cross-Site Scripting in Mediapool Feature
CVSS 5.4
CVE-2024-9830
MEDIUM
Bard <= 2.216 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-9777
MEDIUM
Ashe < 2.243 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-11224
MEDIUM
Parallax Image <= 1.9 - Authenticated Stored Cross-Site Scripting via Position Parameter
CVSS 6.4
CVE-2024-11198
MEDIUM
GD Rating System <= 3.6.1 - Authenticated Stored Cross-Site Scripting via Extra Class Parameter
CVSS 6.4
CVE-2024-11195
MEDIUM
Email Subscription Popup <= 1.2.22 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11098
MEDIUM
SVG Block plugin - WordPress <1.1.25 - XSS
CVSS 5.5
CVE-2024-10388
HIGH
WordPress GDPR <= 2.0.2 - Unauthenticated Stored Cross-Site Scripting via gdpr_firstname and gdpr_lastname Parameters
CVSS 7.2
CVE-2024-10268
MEDIUM
MP3 Audio Player by Sonaar <= 5.8 - Authenticated Stored XSS via sonaar_audioplayer Shortcode
CVSS 6.4
CVE-2024-10103
MEDIUM
MailPoet < 5.3.2 - Stored Cross-Site Scripting via Editor Role
CVSS 6.1
CVE-2024-52340
MEDIUM
Marty Thornley Photographer Connections <1.3.1 - XSS
CVSS 6.5
CVE-2024-52339
MEDIUM
Mage Front End Forms <= 1.1.4 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-51940
MEDIUM
SohelWPExpert WP Responsive Video <1.0 - XSS
CVSS 6.5
CVE-2024-51939
MEDIUM
S anthosh veer Stylish Internal Links <1.9 - XSS
CVSS 6.5
CVE-2024-33231
MEDIUM
Ferozo Email 1.1 - Cross-Site Scripting via PDF Preview Component
CVSS 5.4
CVE-2024-52418
HIGH
CactusThemes Gameplan <1.5.10 - XSS
CVSS 7.1
CVE-2024-52417
HIGH
BoldThemes ReConstruction <1.4.7 - XSS
CVSS 7.1
Details
Vulnerabilities
45,423
Exploit Likelihood
High