CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,880 vulnerabilities with CWE-79
CVE-2026-32526 HIGH
WordPress Abandoned Cart Recovery for WooCommerce plugin <= 1.1.10 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-32521 MEDIUM
WordPress WP Custom Admin Interface plugin <= 7.42 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-32518 HIGH
WordPress Gaea theme < 3.8 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-32517 HIGH
WordPress Contact Manager plugin <= 9.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-32494 HIGH
WordPress Image Slider by Ays plugin <= 2.7.1 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-32493 HIGH
WordPress JobSearch plugin <= 3.2.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-32491 MEDIUM
WordPress WP Review Slider plugin <= 13.9 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-32490 MEDIUM
WordPress WP TripAdvisor Review Slider plugin <= 14.1 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-31914 MEDIUM
WordPress WP Courses LMS plugin <= 3.2.26 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-2995 HIGH
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab
CVSS 7.7
CVE-2026-2973 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
CVSS 5.4
CVE-2026-27088 HIGH
WordPress Darna Framework plugin <= 2.9 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-27087 HIGH
WordPress Wolverine Framework plugin <= 1.9 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-27054 HIGH
WordPress Penci Soledad Data Migrator plugin <= 1.3.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-25465 MEDIUM
WordPress CP Multi View Event Calendar plugin <= 1.4.35 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-25461 HIGH
WordPress Listeo Core plugin <= 2.0.21 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-25452 HIGH
WordPress Remoji plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-25435 HIGH
WordPress Booking calendar, Appointment Booking System plugin <= 3.2.36 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-25417 MEDIUM
WordPress ProfileGrid plugin <= 5.9.8.1 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-25383 HIGH
WordPress KiviCare plugin <= 3.6.16 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-25376 HIGH
WordPress Addon Jobsearch Chat plugin <= 3.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-25373 HIGH
WordPress Vayvo - Media Streaming & Membership WordPress Theme theme < 6.8 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-25361 HIGH
WordPress WpEvently plugin <= 5.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-25356 HIGH
WordPress Yobazar theme < 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-25355 MEDIUM
WordPress Sanzo theme < 2.4.3 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
Details
Vulnerabilities 44,880
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits