CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,445 vulnerabilities with CWE-79
CVE-2024-10055
MEDIUM
Click to Chat - WP Support All-in-One Floating Widget <2.3.3 - XSS
CVSS 6.4
CVE-2024-9703
MEDIUM
Arconix Shortcodes <= 2.1.12 - Authenticated Stored Cross-Site Scripting via Button Shortcode
CVSS 6.4
CVE-2024-9206
MEDIUM
MAS Companies For WP Job Manager <= 1.0.13 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-47793
MEDIUM
Exment <= 5.0.11 and <= 6.1.4 - Stored Cross-Site Scripting in Custom Column Edit Screen
CVSS 5.4
CVE-2024-9892
MEDIUM
Add Widget After Content <= 2.4.6 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2024-9848
MEDIUM
Product Customizer Light <= 1.0.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9452
MEDIUM
Branding < 1.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9383
MEDIUM
Parcel Pro < 1.8.4 - Unauthenticated Reflected Cross-Site Scripting via Action Parameter
CVSS 6.1
CVE-2024-9382
MEDIUM
Gantry 4 Framework < 4.1.21 - Unauthenticated Reflected Cross-Site Scripting via override_id Parameter
CVSS 6.1
CVE-2024-9373
MEDIUM
Elemenda <= 0.0.2 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9366
MEDIUM
Easy Menu Manager | WPZest <= 1.0.1 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9350
MEDIUM
DPD Baltic Shipping <= 1.2.83 - Unauthenticated Reflected Cross-Site Scripting via search_value Parameter
CVSS 6.1
CVE-2024-8916
MEDIUM
Suki Sites Import <= 1.2.1 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-8790
MEDIUM
Social Share With Floating Bar <1.0.3 - XSS
CVSS 6.1
CVE-2024-8740
MEDIUM
GetResponse Forms by Optin Cat <2.5.6 - XSS
CVSS 6.1
CVE-2024-10049
MEDIUM
Edit WooCommerce Templates <1.1.2 - XSS
CVSS 6.1
CVE-2024-10014
MEDIUM
Flat UI Button 1.0 - Authenticated Stored Cross-Site Scripting via flatbtn Shortcode
CVSS 6.4
CVE-2024-30875
HIGH
jquery-ui 1.13.1 - Cross-Site Scripting via window.addEventListener
CVSS 7.1
CVE-2024-49288
MEDIUM
Email Template Customizer for WooCommerce <= 1.2.9.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-49283
HIGH
VillaTheme CURCY <= 2.2.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-49282
MEDIUM
dFactory Responsive Lightbox <2.4.8 - XSS
CVSS 5.9
CVE-2024-49280
MEDIUM
Weblizar Lightbox slider - Responsive Lightbox Gallery <1.10.0 - XSS
CVSS 6.5
CVE-2024-49279
MEDIUM
TipTopPress Hyperlink Group Block <1.17.5 - XSS
CVSS 6.5
CVE-2024-49278
HIGH
Omnipress <= 1.4.3 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2024-49277
MEDIUM
UltraAddons Elementor Lite <1.1.8 - XSS
CVSS 6.5
Details
Vulnerabilities
45,445
Exploit Likelihood
High