CWE-79
High likelihood
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
44,962 vulnerabilities with CWE-79
CVE-2026-1843
HIGH
Super Page Cache <= 5.2.2 - Unauthenticated Stored Cross-Site Scripting via Activity Log
CVSS 7.2
CVE-2026-0550
MEDIUM
myCred < 2.9.7.3 - Authenticated Stored Cross-Site Scripting via mycred_load_coupon Shortcode
CVSS 6.4
CVE-2026-1985
MEDIUM
Press3D <= 1.0.2 - Authenticated Stored Cross-Site Scripting via 3D Model Block Link URL
CVSS 6.4
CVE-2026-1939
MEDIUM
Percent to Infograph <= 1.0 - Authenticated Stored Cross-Site Scripting via percent_to_graph Shortcode
CVSS 6.4
CVE-2026-1915
MEDIUM
Simple Plyr <= 0.0.1 - Authenticated Stored Cross-Site Scripting via Plyr Shortcode Poster Parameter
CVSS 6.4
CVE-2026-1910
MEDIUM
UpMenu - Online ordering for restaurants plugin <3.1 - XSS
CVSS 6.4
CVE-2026-1905
MEDIUM
WordPress Sphere Manager <1.0.2 - XSS
CVSS 6.4
CVE-2026-1903
MEDIUM
Ravelry Designs Widget <1.0.0 - XSS
CVSS 6.4
CVE-2026-1901
MEDIUM
QuestionPro Surveys <= 1.0 - Authenticated Stored Cross-Site Scripting via 'questionpro' Shortcode
CVSS 6.4
CVE-2026-1796
MEDIUM
StyleBidet <= 1.0.0 - Unauthenticated Reflected Cross-Site Scripting via URL Path
CVSS 6.1
CVE-2026-1795
MEDIUM
Address Bar Ads < 1.0.0 - Unauthenticated Reflected Cross-Site Scripting via URL Path
CVSS 6.1
CVE-2026-1792
MEDIUM
Geo Widget <= 1.0 - Unauthenticated Stored Cross-Site Scripting via URL Path
CVSS 6.1
CVE-2026-1187
MEDIUM
ZoomifyWP Free <= 1.1 - Authenticated Stored Cross-Site Scripting via Zoomify Shortcode Filename Parameter
CVSS 6.4
CVE-2026-1096
MEDIUM
Best-wp-google-map <= 2.1 - Authenticated Stored Cross-Site Scripting via Google Map View Shortcode Parameters
CVSS 6.4
CVE-2026-0753
HIGH
WordPress Super Simple Contact Form <1.6.2 - XSS
CVSS 7.2
CVE-2026-0751
MEDIUM
Stripe Payment Form <=1.4.6 - Authenticated Stored XSS via pricing_plan_select_text_font_family
CVSS 6.4
CVE-2026-0736
MEDIUM
Collect.chat WordPress Chatbot <= 2.4.8 - Authenticated Stored XSS via _inpost_head_script
CVSS 6.4
CVE-2026-0735
MEDIUM
User Language Switch <= 1.6.10 - Stored XSS via tab_color_picker_language_switch
CVSS 4.4
CVE-2026-0693
MEDIUM
Allow HTML in Category Descriptions <= 1.2.4 - Authenticated Stored Cross-Site Scripting via Category Descriptions
CVSS 4.4
CVE-2026-0559
MEDIUM
MasterStudy LMS WordPress Plugin <3.7.11 - XSS
CVSS 6.4
CVE-2026-0557
MEDIUM
WP Data Access < 5.5.63 - Authenticated Stored Cross-Site Scripting via wpda_app Shortcode
CVSS 6.4
CVE-2026-2027
MEDIUM
AMP Enhancer <= 1.0.49 - Authenticated Stored XSS via AMP Custom CSS
CVSS 4.4
CVE-2026-1912
MEDIUM
WordPress Citations tools plugin <0.3.2 - XSS
CVSS 6.4
CVE-2026-1904
MEDIUM
Simple Wp colorfull Accordion <1.0 - XSS
CVSS 6.4
CVE-2026-1754
MEDIUM
personal-authors-category <= 0.3 - Unauthenticated Reflected Cross-Site Scripting via URL Path
CVSS 6.1
Details
Vulnerabilities: 44,962
Exploit Likelihood: High