CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,445 vulnerabilities with CWE-79
CVE-2024-10055 MEDIUM
Click to Chat - WP Support All-in-One Floating Widget <2.3.3 - XSS
CVSS 6.4
CVE-2024-9703 MEDIUM
Arconix Shortcodes <= 2.1.12 - Authenticated Stored Cross-Site Scripting via Button Shortcode
CVSS 6.4
CVE-2024-9206 MEDIUM
MAS Companies For WP Job Manager <= 1.0.13 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg
CVSS 6.1
CVE-2024-47793 MEDIUM
Exment <= 5.0.11 and <= 6.1.4 - Stored Cross-Site Scripting in Custom Column Edit Screen
CVSS 5.4
CVE-2024-9892 MEDIUM
Add Widget After Content <= 2.4.6 - Authenticated Stored Cross-Site Scripting via Admin Settings
CVSS 4.4
CVE-2024-9848 MEDIUM
Product Customizer Light <= 1.0.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9452 MEDIUM
Branding < 1.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9383 MEDIUM
Parcel Pro < 1.8.4 - Unauthenticated Reflected Cross-Site Scripting via Action Parameter
CVSS 6.1
CVE-2024-9382 MEDIUM
Gantry 4 Framework < 4.1.21 - Unauthenticated Reflected Cross-Site Scripting via override_id Parameter
CVSS 6.1
CVE-2024-9373 MEDIUM
Elemenda <= 0.0.2 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9366 MEDIUM
Easy Menu Manager | WPZest <= 1.0.1 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-9350 MEDIUM
DPD Baltic Shipping <= 1.2.83 - Unauthenticated Reflected Cross-Site Scripting via search_value Parameter
CVSS 6.1
CVE-2024-8916 MEDIUM
Suki Sites Import <= 1.2.1 - Authenticated Stored Cross-Site Scripting via SVG File Upload
CVSS 6.4
CVE-2024-8790 MEDIUM
Social Share With Floating Bar <1.0.3 - XSS
CVSS 6.1
CVE-2024-8740 MEDIUM
GetResponse Forms by Optin Cat <2.5.6 - XSS
CVSS 6.1
CVE-2024-10049 MEDIUM
Edit WooCommerce Templates <1.1.2 - XSS
CVSS 6.1
CVE-2024-10014 MEDIUM
Flat UI Button 1.0 - Authenticated Stored Cross-Site Scripting via flatbtn Shortcode
CVSS 6.4
CVE-2024-30875 HIGH
jquery-ui 1.13.1 - Cross-Site Scripting via window.addEventListener
CVSS 7.1
CVE-2024-49288 MEDIUM
Email Template Customizer for WooCommerce <= 1.2.9.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-49283 HIGH
VillaTheme CURCY <= 2.2.3 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-49282 MEDIUM
dFactory Responsive Lightbox <2.4.8 - XSS
CVSS 5.9
CVE-2024-49280 MEDIUM
Weblizar Lightbox slider - Responsive Lightbox Gallery <1.10.0 - XSS
CVSS 6.5
CVE-2024-49279 MEDIUM
TipTopPress Hyperlink Group Block <1.17.5 - XSS
CVSS 6.5
CVE-2024-49278 HIGH
Omnipress <= 1.4.3 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2024-49277 MEDIUM
UltraAddons Elementor Lite <1.1.8 - XSS
CVSS 6.5
Details
Vulnerabilities 45,445
Exploit Likelihood High