CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,450 vulnerabilities with CWE-79
CVE-2024-44025 MEDIUM
NiceJob < 3.6.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-44024 MEDIUM
NicheAddons Medical Addon <1.4 - XSS
CVSS 6.5
CVE-2024-44022 MEDIUM
Trustmary Review & testimonial widgets <= 1.0.5 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-44010 MEDIUM
Full frame <= 2.7.2 - Stored Cross-Site Scripting
CVSS 5.1
CVE-2024-47322 HIGH
Ex-Themes WP Timeline - Vertical & Horizontal <3.6.7 - XSS
CVSS 7.1
CVE-2024-47320 HIGH
WS Form LITE <= 1.9.238 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2024-47313 MEDIUM
Catch Base <= 3.4.6 - Stored Cross-Site Scripting
CVSS 5.1
CVE-2024-47310 MEDIUM
ARI Fancy Lightbox <= 1.3.17 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-47307 MEDIUM
Essential Plugin Meta slider & carousel - XSS
CVSS 6.5
CVE-2024-47306 HIGH
Copy Content Protection <4.2.3 - XSS
CVSS 7.1
CVE-2024-47301 HIGH
Bit Form - Contact Form Plugin <2.13.10 - XSS
CVSS 7.1
CVE-2024-47300 HIGH
CubeWP Forms - All-in-One Form Builder <= 1.1.1 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2024-47299 MEDIUM
Coming Soon Page, Under Construction & Maintenance Mode by SeedProd <= 6.17.4 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-47298 MEDIUM
BoldThemes Bold Page Builder <5.1.1 - XSS
CVSS 6.5
CVE-2024-47297 HIGH
CP Polls <= 1.0.74 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-45454 HIGH
Unlimited Elements For Elementor <1.5.121 - XSS
CVSS 7.1
CVE-2024-44046 MEDIUM
Themify - WooCommerce Product Filter <= 1.5.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-44045 MEDIUM
WP Abstracts <= 2.6.5 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-44043 MEDIUM
10Web Photo Gallery < 1.8.27 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-44042 MEDIUM
WP Datepicker <= 2.1.1 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-44041 MEDIUM
IdeaPush <= 8.66 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-47355 MEDIUM
Cozy Blocks <= 2.0.11 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-47352 HIGH
Xylus Themes WP Bulk Delete <1.3.1 - XSS
CVSS 7.1
CVE-2024-47349 HIGH
WPMobile.App <= 11.50 - Reflected Cross-Site Scripting
CVSS 7.1
CVE-2024-47348 HIGH
WaspThemes YellowPencil <7.6.4 - XSS
CVSS 7.1
Details
Vulnerabilities 45,450
Exploit Likelihood High