CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,270)

page 68 of 964

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-31378	—	Hig	0.46	7.1	0.00	Apr 11, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in danbwb Oppso Unit Converter oppso-unit-converter allows Reflected XSS.This issue affects Oppso Unit Converter: from n/a through <= 1.1.1.
CVE-2025-31028	—	Hig	0.46	7.1	0.00	Apr 11, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Huseyin Berberoglu WP Hide Categories wp-hide-categories allows Reflected XSS.This issue affects WP Hide Categories: from n/a through <= 1.0.
CVE-2025-31021	—	Hig	0.46	7.1	0.00	Apr 11, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dolby_uk Mobile Smart mobile-smart allows Reflected XSS.This issue affects Mobile Smart: from n/a through <= v1.3.16.
CVE-2025-27350	WordPress Vice Versa	Hig	0.46	7.1	0.00	Apr 10, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hugh Mungus Vice Versa vice-versa allows Reflected XSS.This issue affects Vice Versa: from n/a through <= 2.2.3.
CVE-2025-32116	WordPress Qr Master	Hig	0.46	7.1	0.00	Apr 10, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Studi7 QR Master qr-master allows Reflected XSS.This issue affects QR Master: from n/a through <= 1.0.5.
CVE-2025-32115	WordPress Popping Content Light	Hig	0.46	7.1	0.00	Apr 10, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Popping Content Light popping-content-light allows Reflected XSS.This issue affects Popping Content Light: from n/a through <= 2.4.
CVE-2025-32114	—	Hig	0.46	7.1	0.00	Apr 10, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 5sterrenspecialist WordPress 5sterrenspecialist Plugin 5-sterrenspecialist allows Reflected XSS.This issue affects WordPress 5sterrenspecialist Plugin: from n/a through <= 1.4.
CVE-2025-32581	WordPress Cf7 Manual Spam Blocker	Hig	0.46	7.1	0.00	Apr 9, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ankit Singla WordPress Spam Blocker cf7-manual-spam-blocker allows Stored XSS.This issue affects WordPress Spam Blocker: from n/a through <= 2.0.5.
CVE-2025-32580	—	Hig	0.46	7.1	0.01	Apr 9, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in debounce DeBounce Email Validator debounce-io-email-validator allows Stored XSS.This issue affects DeBounce Email Validator: from n/a through <= 5.7.1.
CVE-2025-32570	WordPress Chillpay Payment Gateway	Hig	0.46	7.1	0.01	Apr 9, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ChillPay ChillPay WooCommerce chillpay-payment-gateway allows Stored XSS.This issue affects ChillPay WooCommerce: from n/a through <= 2.5.3.
CVE-2025-32543	WordPress Canonical Attachments	Hig	0.46	7.1	0.01	Apr 9, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hivedigital Canonical Attachments canonical-attachments allows Reflected XSS.This issue affects Canonical Attachments: from n/a through <= 1.8.
CVE-2025-32503	WordPress Link Shield	Hig	0.46	7.1	0.01	Apr 9, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jose Conti Link Shield link-shield allows Stored XSS.This issue affects Link Shield: from n/a through <= 0.5.4.
CVE-2025-31394	WordPress More Mime Type Filters	Hig	0.46	7.1	0.01	Apr 9, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kailey (trepmal) More Mime Type Filters more-mime-type-filters allows Stored XSS.This issue affects More Mime Type Filters: from n/a through <= 0.3.
CVE-2025-32117	WordPress Widgetize Pages Light	Hig	0.46	7.1	0.00	Apr 8, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light widgetize-pages-light allows Reflected XSS.This issue affects Widgetize Pages Light: from n/a through <= 3.0.
CVE-2025-31418	WordPress Gravel	Hig	0.46	7.1	0.00	Apr 4, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in noonnoo Gravel allows Reflected XSS.This issue affects Gravel: from n/a through 1.6.
CVE-2025-31416	WordPress Awesome Event Booking	Hig	0.46	7.1	0.00	Apr 4, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AwesomeTOGI Awesome Event Booking awesome-event-booking allows Reflected XSS.This issue affects Awesome Event Booking: from n/a through <= 2.8.4.
CVE-2025-31389	WordPress Sequel	Hig	0.46	7.1	0.00	Apr 4, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Introvoke Inc. dba Sequel.io Sequel sequel allows Reflected XSS.This issue affects Sequel: from n/a through <= 1.0.11.
CVE-2025-22282	WordPress Ez Form Calculator Premium	Hig	0.46	7.1	0.00	Apr 4, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in keksdieb ez Form Calculator Premium ez-form-calculator-premium allows Reflected XSS.This issue affects ez Form Calculator Premium: from n/a through <= 2.14.1.2.
CVE-2025-31907	WordPress Team Display	Hig	0.46	7.1	0.00	Apr 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Labib Ahmed Team Builder team-display allows Reflected XSS.This issue affects Team Builder: from n/a through <= 1.3.
CVE-2025-31905	WordPress Team Rosters	Hig	0.46	7.1	0.00	Apr 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark O'Donnell Team Rosters team-rosters allows Reflected XSS.This issue affects Team Rosters: from n/a through <= 4.7.

CVE-2025-31378HigApr 11, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in danbwb Oppso Unit Converter oppso-unit-converter allows Reflected XSS.This issue affects Oppso Unit Converter: from n/a through <= 1.1.1.
CVE-2025-31028HigApr 11, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Huseyin Berberoglu WP Hide Categories wp-hide-categories allows Reflected XSS.This issue affects WP Hide Categories: from n/a through <= 1.0.
CVE-2025-31021HigApr 11, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dolby_uk Mobile Smart mobile-smart allows Reflected XSS.This issue affects Mobile Smart: from n/a through <= v1.3.16.
CVE-2025-27350HigApr 10, 2025
WordPress
Vice Versa
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hugh Mungus Vice Versa vice-versa allows Reflected XSS.This issue affects Vice Versa: from n/a through <= 2.2.3.
CVE-2025-32116HigApr 10, 2025
WordPress
Qr Master
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Studi7 QR Master qr-master allows Reflected XSS.This issue affects QR Master: from n/a through <= 1.0.5.
CVE-2025-32115HigApr 10, 2025
WordPress
Popping Content Light
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Popping Content Light popping-content-light allows Reflected XSS.This issue affects Popping Content Light: from n/a through <= 2.4.
CVE-2025-32114HigApr 10, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 5sterrenspecialist WordPress 5sterrenspecialist Plugin 5-sterrenspecialist allows Reflected XSS.This issue affects WordPress 5sterrenspecialist Plugin: from n/a through <= 1.4.
CVE-2025-32581HigApr 9, 2025
WordPress
Cf7 Manual Spam Blocker
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ankit Singla WordPress Spam Blocker cf7-manual-spam-blocker allows Stored XSS.This issue affects WordPress Spam Blocker: from n/a through <= 2.0.5.
CVE-2025-32580HigApr 9, 2025
risk 0.46cvss 7.1epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in debounce DeBounce Email Validator debounce-io-email-validator allows Stored XSS.This issue affects DeBounce Email Validator: from n/a through <= 5.7.1.
CVE-2025-32570HigApr 9, 2025
WordPress
Chillpay Payment Gateway
risk 0.46cvss 7.1epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ChillPay ChillPay WooCommerce chillpay-payment-gateway allows Stored XSS.This issue affects ChillPay WooCommerce: from n/a through <= 2.5.3.
CVE-2025-32543HigApr 9, 2025
WordPress
Canonical Attachments
risk 0.46cvss 7.1epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hivedigital Canonical Attachments canonical-attachments allows Reflected XSS.This issue affects Canonical Attachments: from n/a through <= 1.8.
CVE-2025-32503HigApr 9, 2025
WordPress
Link Shield
risk 0.46cvss 7.1epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jose Conti Link Shield link-shield allows Stored XSS.This issue affects Link Shield: from n/a through <= 0.5.4.
CVE-2025-31394HigApr 9, 2025
WordPress
More Mime Type Filters
risk 0.46cvss 7.1epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kailey (trepmal) More Mime Type Filters more-mime-type-filters allows Stored XSS.This issue affects More Mime Type Filters: from n/a through <= 0.3.
CVE-2025-32117HigApr 8, 2025
WordPress
Widgetize Pages Light
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light widgetize-pages-light allows Reflected XSS.This issue affects Widgetize Pages Light: from n/a through <= 3.0.
CVE-2025-31418HigApr 4, 2025
WordPress
Gravel
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in noonnoo Gravel allows Reflected XSS.This issue affects Gravel: from n/a through 1.6.
CVE-2025-31416HigApr 4, 2025
WordPress
Awesome Event Booking
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AwesomeTOGI Awesome Event Booking awesome-event-booking allows Reflected XSS.This issue affects Awesome Event Booking: from n/a through <= 2.8.4.
CVE-2025-31389HigApr 4, 2025
WordPress
Sequel
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Introvoke Inc. dba Sequel.io Sequel sequel allows Reflected XSS.This issue affects Sequel: from n/a through <= 1.0.11.
CVE-2025-22282HigApr 4, 2025
WordPress
Ez Form Calculator Premium
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in keksdieb ez Form Calculator Premium ez-form-calculator-premium allows Reflected XSS.This issue affects ez Form Calculator Premium: from n/a through <= 2.14.1.2.
CVE-2025-31907HigApr 3, 2025
WordPress
Team Display
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Labib Ahmed Team Builder team-display allows Reflected XSS.This issue affects Team Builder: from n/a through <= 1.3.
CVE-2025-31905HigApr 3, 2025
WordPress
Team Rosters
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark O'Donnell Team Rosters team-rosters allows Reflected XSS.This issue affects Team Rosters: from n/a through <= 4.7.