CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,959 vulnerabilities with CWE-79
CVE-2026-2716
MEDIUM
WordPress Client Testimonial Slider <2.0 - XSS
CVSS 4.4
CVE-2026-2736
MEDIUM
OpenCms 18.0 - Reflected Cross-Site Scripting via Search Query Parameter
CVSS 6.1
CVE-2026-2735
MEDIUM
OpenCms 18.0 - Stored Cross-Site Scripting via Blog Article Text Parameter
CVSS 5.4
CVE-2026-27094
MEDIUM
GoDaddy CoBlocks <= 3.1.16 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2026-27074
MEDIUM
Shortcoder <= 6.5.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2026-27069
MEDIUM
PenciDesign Soledad <= 8.7.2 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2026-27059
MEDIUM
PenciDesign Penci Recipe <=4.1 - XSS
CVSS 6.5
CVE-2026-27058
MEDIUM
Penci Podcast <=1.7 - DOM-Based XSS
CVSS 6.5
CVE-2026-27057
MEDIUM
Penci Filter Everything <=1.7 - XSS
CVSS 6.5
CVE-2026-25472
MEDIUM
Fusion Builder <=3.14.3 - Stored XSS
CVSS 6.5
CVE-2026-25463
MEDIUM
Wpresidence Core <=5.4.0 - Stored XSS
CVSS 6.5
CVE-2026-25453
MEDIUM
Advanced iFrame <=2025.10 - DOM XSS
CVSS 6.5
CVE-2026-25451
MEDIUM
Bold Page Builder <= 5.6.9 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2026-25432
MEDIUM
Omnipress <= 1.6.7 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2026-25362
MEDIUM
FooPlugins FooGallery <= 3.1.11 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2026-25343
MEDIUM
VeronaLabs WP SMS <= 7.1 - DOM-Based Cross-Site Scripting
CVSS 5.9
CVE-2026-25331
MEDIUM
WP Activity Log <=5.5.4 - DOM-Based XSS
CVSS 6.5
CVE-2026-25307
MEDIUM
XStore Core < 5.7 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2026-25305
MEDIUM
XStore <= 9.6.4 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2026-25004
MEDIUM
CM Business Directory <=1.5.3 - XSS
CVSS 5.9
CVE-2026-24392
MEDIUM
HurryTimer <= 2.14.2 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2026-2502
MEDIUM
WordPress xmlrpc attacks blocker <=1.0 - XSS
CVSS 6.1
CVE-2026-2282
MEDIUM
Slidorion WordPress Plugin <=1.0.2 - XSS
CVSS 4.4
CVE-2026-1646
MEDIUM
Advance Block Extend <= 1.0.4 - Authenticated Stored Cross-Site Scripting via TitleColor Block Attribute
CVSS 6.4
CVE-2026-1373
MEDIUM
Easy Author Image Plugin <1.7 - XSS
CVSS 6.4
Details
Vulnerabilities
44,959
Exploit Likelihood
High