CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,880 vulnerabilities with CWE-79
CVE-2026-25354 HIGH
WordPress Reebox theme < 1.4.8 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-25353 HIGH
WordPress Nooni theme < 1.5.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-25352 HIGH
WordPress MyDecor theme < 1.5.9 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-25351 HIGH
WordPress MyMedi theme < 1.7.7 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-25350 HIGH
WordPress Miti theme < 1.5.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-25349 HIGH
WordPress Loobek theme < 1.5.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-25347 HIGH
WordPress WP REST Cache plugin <= 2026.1.0 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-25346 HIGH
WordPress FAQ Builder AYS plugin <= 1.8.2 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-25342 HIGH
WordPress Boutique theme < 2.4.6 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-25341 HIGH
WordPress RSFirewall! plugin <= 1.1.45 - Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-25306 HIGH
WordPress XStore Core plugin <= 5.6.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-25304 HIGH
WordPress Jaroti theme < 1.4.8 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-25033 HIGH
WordPress Motta Addons plugin < 1.6.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-25025 HIGH
WordPress VikRestaurants plugin <= 1.5.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-25018 HIGH
WordPress NaturaLife Extensions plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-25013 HIGH
WordPress Phox Hosting plugin <= 2.0.8 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-24983 HIGH
WordPress UpSolution Core plugin <= 8.41 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-24980 HIGH
WordPress Visionary Core plugin <= 1.4.9 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-24979 HIGH
WordPress Jobica Core plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-24975 HIGH
WordPress Organici Library plugin <= 2.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-24973 HIGH
WordPress CitiLights theme <= 3.7.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-24391 HIGH
WordPress Car Dealer theme <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-24370 MEDIUM
WordPress The Grid plugin < 2.8.0 - Cross Site Scripting (XSS) vulnerability
CVSS 6.5
CVE-2026-23979 HIGH
WordPress Gyan Elements plugin <= 2.2.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
CVE-2026-23973 HIGH
WordPress Golo theme < 1.7.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVSS 7.1
Details
Vulnerabilities 44,880
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits