CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,270)

page 67 of 964

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-26743	—	Hig	0.46	7.1	Apr 15, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TC.K Advance WP Query Search Filter advance-wp-query-search-filter allows Reflected XSS.This issue affects Advance WP Query Search Filter: from n/a through <= 1.0.10.
CVE-2025-32632	—	Hig	0.46	7.1	Apr 11, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders Automatic Ban IP automatic-ban-ip allows Reflected XSS.This issue affects Automatic Ban IP: from n/a through <= 1.0.7.
CVE-2025-32601	—	Hig	0.46	7.1	Apr 11, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in twispay Twispay Credit Card Payments twispay allows Reflected XSS.This issue affects Twispay Credit Card Payments: from n/a through <= 2.1.2.
CVE-2025-32600	—	Hig	0.46	7.1	Apr 11, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tournamatch Tournamatch tournamatch allows Reflected XSS.This issue affects Tournamatch: from n/a through <= 4.7.0.
CVE-2025-32599	—	Hig	0.46	7.1	Apr 11, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in miunosoft Task Scheduler task-scheduler allows Reflected XSS.This issue affects Task Scheduler: from n/a through <= 1.6.3.
CVE-2025-32598	Wptablebuilder Wp Table Builder	Hig	0.46	7.1	Apr 11, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder wp-table-builder allows Reflected XSS.This issue affects WP Table Builder: from n/a through <= 2.0.5.
CVE-2025-32586	—	Hig	0.46	7.1	Apr 11, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ABA Bank ABA PayWay Payment Gateway for WooCommerce aba-payway-woocommerce-payment-gateway allows Reflected XSS.This issue affects ABA PayWay Payment Gateway for WooCommerce: from n/a through <= 2.1.4.
CVE-2025-32553	—	Hig	0.46	7.1	Apr 11, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnigenie RestroPress restropress allows Reflected XSS.This issue affects RestroPress: from n/a through <= 3.2.8.4.
CVE-2025-32551	—	Hig	0.46	7.1	Apr 11, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jaap Jansma Connector to CiviCRM with CiviMcRestFace connector-civicrm-mcrestface allows Reflected XSS.This issue affects Connector to CiviCRM with CiviMcRestFace: from n/a through <= 1.0.8.
CVE-2025-32541	—	Hig	0.46	7.1	Apr 11, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in infosoftplugin WooCommerce Sales MIS Report woocommerce-mis-report allows Reflected XSS.This issue affects WooCommerce Sales MIS Report: from n/a through <= 4.0.3.
CVE-2025-32539	—	Hig	0.46	7.1	Apr 11, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh Kohlbach Store Exporter woocommerce-exporter allows Reflected XSS.This issue affects Store Exporter: from n/a through <= 2.7.4.
CVE-2025-32538	—	Hig	0.46	7.1	Apr 11, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dev02ali Easy Post Duplicator easy-post-duplicator allows Reflected XSS.This issue affects Easy Post Duplicator: from n/a through <= 1.0.1.
CVE-2025-32537	—	Hig	0.46	7.1	Apr 11, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rachel Cherry Lock Your Updates lock-your-updates allows Reflected XSS.This issue affects Lock Your Updates: from n/a through <= 1.1.
CVE-2025-32536	—	Hig	0.46	7.1	Apr 11, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sandeep Verma HTML5 Video Player with Playlist html5-video-player-with-playlist allows Reflected XSS.This issue affects HTML5 Video Player with Playlist: from n/a through <= 2.50.
CVE-2025-32534	—	Hig	0.46	7.1	Apr 11, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Workbox Workbox Video from Vimeo & Youtube workbox-video-from-vimeo-youtube-plugin allows Reflected XSS.This issue affects Workbox Video from Vimeo & Youtube: from n/a through <= 3.2.2.
CVE-2025-32525	—	Hig	0.46	7.1	Apr 11, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MapGeo Interactive Geo Maps interactive-geo-maps allows Reflected XSS.This issue affects Interactive Geo Maps: from n/a through <= 1.6.24.
CVE-2025-32524	—	Hig	0.46	7.1	Apr 11, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MyWorks MyWorks WooCommerce Sync for QuickBooks Online myworks-woo-sync-for-quickbooks-online allows Reflected XSS.This issue affects MyWorks WooCommerce Sync for QuickBooks Online: from n/a through <= 2.9.1.
CVE-2025-32523	—	Hig	0.46	7.1	Apr 11, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in payphone WooCommerce – Payphone Gateway wc-payphone-gateway allows Reflected XSS.This issue affects WooCommerce – Payphone Gateway: from n/a through <= 3.2.0.
CVE-2025-32517	—	Hig	0.46	7.1	Apr 11, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SCAND MultiMailer scand-multi-mailer allows Reflected XSS.This issue affects MultiMailer: from n/a through <= 1.0.3.
CVE-2025-31379	—	Hig	0.46	7.1	Apr 11, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in programphases Insert HTML Here insert-html-here allows Reflected XSS.This issue affects Insert HTML Here: from n/a through <= 1.0.

CVE-2025-26743HigApr 15, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TC.K Advance WP Query Search Filter advance-wp-query-search-filter allows Reflected XSS.This issue affects Advance WP Query Search Filter: from n/a through <= 1.0.10.
CVE-2025-32632HigApr 11, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders Automatic Ban IP automatic-ban-ip allows Reflected XSS.This issue affects Automatic Ban IP: from n/a through <= 1.0.7.
CVE-2025-32601HigApr 11, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in twispay Twispay Credit Card Payments twispay allows Reflected XSS.This issue affects Twispay Credit Card Payments: from n/a through <= 2.1.2.
CVE-2025-32600HigApr 11, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tournamatch Tournamatch tournamatch allows Reflected XSS.This issue affects Tournamatch: from n/a through <= 4.7.0.
CVE-2025-32599HigApr 11, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in miunosoft Task Scheduler task-scheduler allows Reflected XSS.This issue affects Task Scheduler: from n/a through <= 1.6.3.
CVE-2025-32598HigApr 11, 2025
Wptablebuilder
Wp Table Builder
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder wp-table-builder allows Reflected XSS.This issue affects WP Table Builder: from n/a through <= 2.0.5.
CVE-2025-32586HigApr 11, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ABA Bank ABA PayWay Payment Gateway for WooCommerce aba-payway-woocommerce-payment-gateway allows Reflected XSS.This issue affects ABA PayWay Payment Gateway for WooCommerce: from n/a through <= 2.1.4.
CVE-2025-32553HigApr 11, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnigenie RestroPress restropress allows Reflected XSS.This issue affects RestroPress: from n/a through <= 3.2.8.4.
CVE-2025-32551HigApr 11, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jaap Jansma Connector to CiviCRM with CiviMcRestFace connector-civicrm-mcrestface allows Reflected XSS.This issue affects Connector to CiviCRM with CiviMcRestFace: from n/a through <= 1.0.8.
CVE-2025-32541HigApr 11, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in infosoftplugin WooCommerce Sales MIS Report woocommerce-mis-report allows Reflected XSS.This issue affects WooCommerce Sales MIS Report: from n/a through <= 4.0.3.
CVE-2025-32539HigApr 11, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh Kohlbach Store Exporter woocommerce-exporter allows Reflected XSS.This issue affects Store Exporter: from n/a through <= 2.7.4.
CVE-2025-32538HigApr 11, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dev02ali Easy Post Duplicator easy-post-duplicator allows Reflected XSS.This issue affects Easy Post Duplicator: from n/a through <= 1.0.1.
CVE-2025-32537HigApr 11, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rachel Cherry Lock Your Updates lock-your-updates allows Reflected XSS.This issue affects Lock Your Updates: from n/a through <= 1.1.
CVE-2025-32536HigApr 11, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sandeep Verma HTML5 Video Player with Playlist html5-video-player-with-playlist allows Reflected XSS.This issue affects HTML5 Video Player with Playlist: from n/a through <= 2.50.
CVE-2025-32534HigApr 11, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Workbox Workbox Video from Vimeo & Youtube workbox-video-from-vimeo-youtube-plugin allows Reflected XSS.This issue affects Workbox Video from Vimeo & Youtube: from n/a through <= 3.2.2.
CVE-2025-32525HigApr 11, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MapGeo Interactive Geo Maps interactive-geo-maps allows Reflected XSS.This issue affects Interactive Geo Maps: from n/a through <= 1.6.24.
CVE-2025-32524HigApr 11, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MyWorks MyWorks WooCommerce Sync for QuickBooks Online myworks-woo-sync-for-quickbooks-online allows Reflected XSS.This issue affects MyWorks WooCommerce Sync for QuickBooks Online: from n/a through <= 2.9.1.
CVE-2025-32523HigApr 11, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in payphone WooCommerce – Payphone Gateway wc-payphone-gateway allows Reflected XSS.This issue affects WooCommerce – Payphone Gateway: from n/a through <= 3.2.0.
CVE-2025-32517HigApr 11, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SCAND MultiMailer scand-multi-mailer allows Reflected XSS.This issue affects MultiMailer: from n/a through <= 1.0.3.
CVE-2025-31379HigApr 11, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in programphases Insert HTML Here insert-html-here allows Reflected XSS.This issue affects Insert HTML Here: from n/a through <= 1.0.