CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,270)

page 69 of 964

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-31903	WordPress Xv Random Quotes	Hig	0.46	7.1	0.00	Apr 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xavi Ivars XV Random Quotes xv-random-quotes allows Reflected XSS.This issue affects XV Random Quotes: from n/a through <= 2.0.0.
CVE-2025-31902	WordPress Social Share And Social Locker Arsocial	Hig	0.46	7.1	0.00	Apr 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reputeinfosystems Social Share And Social Locker social-share-and-social-locker-arsocial allows Reflected XSS.This issue affects Social Share And Social Locker: from n/a through <= 1.4.1.
CVE-2025-31901	WordPress Wedesin Html Sitemap	Hig	0.46	7.1	0.00	Apr 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digihood Digihood HTML Sitemap wedesin-html-sitemap allows Reflected XSS.This issue affects Digihood HTML Sitemap: from n/a through <= 3.1.1.
CVE-2025-31900	WordPress Lexicata	Hig	0.46	7.1	0.00	Apr 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lexicata Lexicata lexicata allows Reflected XSS.This issue affects Lexicata: from n/a through <= 1.0.16.
CVE-2025-31899	WordPress Awesome Logos	Hig	0.46	7.1	0.00	Apr 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpshopee Awesome Logos awesome-logos allows Reflected XSS.This issue affects Awesome Logos: from n/a through <= 1.2.
CVE-2025-31898	WordPress Mediaview	Hig	0.46	7.1	0.00	Apr 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dustinscarberry MediaView mediaview allows Reflected XSS.This issue affects MediaView: from n/a through <= 1.1.2.
CVE-2025-31626	WordPress Ticket Help Desk System Lite	Hig	0.46	7.1	0.00	Apr 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M. Ali Saleem Support Helpdesk Ticket System Lite ticket-help-desk-system-lite allows Reflected XSS.This issue affects Support Helpdesk Ticket System Lite: from n/a through <= 4.5.2.
CVE-2025-31582	WordPress Contact Form Vcard Generator	Hig	0.46	7.1	0.00	Apr 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashish Ajani Contact Form vCard Generator contact-form-vcard-generator allows Stored XSS.This issue affects Contact Form vCard Generator: from n/a through <= 2.4.
CVE-2025-31573	WordPress Pepro Cf7 Database	Hig	0.46	7.1	0.00	Apr 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pepro Dev. Group PeproDev CF7 Database pepro-cf7-database allows Stored XSS.This issue affects PeproDev CF7 Database: from n/a through <= 2.0.0.
CVE-2025-31536	WordPress Cf7 Spreadsheets	Hig	0.46	7.1	0.00	Apr 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moshensky CF7 Spreadsheets cf7-spreadsheets allows Reflected XSS.This issue affects CF7 Spreadsheets: from n/a through <= 2.3.2.
CVE-2025-31468	WordPress Wp Identicon	Hig	0.46	7.1	0.01	Apr 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scottsm WP_Identicon wp-identicon allows Reflected XSS.This issue affects WP_Identicon: from n/a through <= 2.0.
CVE-2025-31467	WordPress Flickr Photostream	Hig	0.46	7.1	0.00	Apr 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in miro.mannino Flickr Photostream flickr-photostream allows Reflected XSS.This issue affects Flickr Photostream: from n/a through <= 3.1.8.
CVE-2025-31442	WordPress Keywords Highlight Tool	Hig	0.46	7.1	0.01	Apr 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e1tekoap42 Search engine keywords highlighter keywords-highlight-tool allows Reflected XSS.This issue affects Search engine keywords highlighter: from n/a through <= 0.1.3.
CVE-2025-31436	WordPress Powerpress Multisite	Hig	0.46	7.1	0.00	Apr 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Angelo Mandato Blubrry PowerPress Podcasting plugin MultiSite add-on powerpress-multisite allows Reflected XSS.This issue affects Blubrry PowerPress Podcasting plugin MultiSite add-on: from n/a through <= 0.1.1.
CVE-2025-30858	WordPress Snow Storm	Hig	0.46	7.1	0.01	Apr 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Snow Storm snow-storm allows Reflected XSS.This issue affects Snow Storm: from n/a through <= 1.4.6.
CVE-2025-30616	WordPress Latest Custom Post Type Updates	Hig	0.46	7.1	0.00	Apr 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Wood Latest Custom Post Type Updates latest-custom-post-type-updates allows Reflected XSS.This issue affects Latest Custom Post Type Updates: from n/a through <= 1.3.0.
CVE-2025-30611	WordPress Wptobe Signinup	Hig	0.46	7.1	0.00	Apr 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wptobe Wptobe-signinup wptobe-signinup allows Reflected XSS.This issue affects Wptobe-signinup: from n/a through <= 1.1.2.
CVE-2025-31594	WordPress Auto Scroll For Reading	Hig	0.46	7.1	0.00	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPglob Auto scroll for reading auto-scroll-for-reading allows Reflected XSS.This issue affects Auto scroll for reading: from n/a through <= 1.1.4.
CVE-2025-31578	WordPress Fonts Manager Custom Fonts	Hig	0.46	7.1	0.00	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wisdomlogix Solutions Pvt. Ltd. Fonts Manager \| Custom Fonts fonts-manager-custom-fonts allows Reflected XSS.This issue affects Fonts Manager \| Custom Fonts: from n/a through <= 1.2.
CVE-2025-31571	WordPress The Logo Slider	Hig	0.46	7.1	0.00	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cynob IT Consultancy The Logo Slider the-logo-slider allows Reflected XSS.This issue affects The Logo Slider: from n/a through <= 1.0.0.

CVE-2025-31903HigApr 3, 2025
WordPress
Xv Random Quotes
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xavi Ivars XV Random Quotes xv-random-quotes allows Reflected XSS.This issue affects XV Random Quotes: from n/a through <= 2.0.0.
CVE-2025-31902HigApr 3, 2025
WordPress
Social Share And Social Locker Arsocial
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reputeinfosystems Social Share And Social Locker social-share-and-social-locker-arsocial allows Reflected XSS.This issue affects Social Share And Social Locker: from n/a through <= 1.4.1.
CVE-2025-31901HigApr 3, 2025
WordPress
Wedesin Html Sitemap
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digihood Digihood HTML Sitemap wedesin-html-sitemap allows Reflected XSS.This issue affects Digihood HTML Sitemap: from n/a through <= 3.1.1.
CVE-2025-31900HigApr 3, 2025
WordPress
Lexicata
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lexicata Lexicata lexicata allows Reflected XSS.This issue affects Lexicata: from n/a through <= 1.0.16.
CVE-2025-31899HigApr 3, 2025
WordPress
Awesome Logos
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpshopee Awesome Logos awesome-logos allows Reflected XSS.This issue affects Awesome Logos: from n/a through <= 1.2.
CVE-2025-31898HigApr 3, 2025
WordPress
Mediaview
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dustinscarberry MediaView mediaview allows Reflected XSS.This issue affects MediaView: from n/a through <= 1.1.2.
CVE-2025-31626HigApr 3, 2025
WordPress
Ticket Help Desk System Lite
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M. Ali Saleem Support Helpdesk Ticket System Lite ticket-help-desk-system-lite allows Reflected XSS.This issue affects Support Helpdesk Ticket System Lite: from n/a through <= 4.5.2.
CVE-2025-31582HigApr 3, 2025
WordPress
Contact Form Vcard Generator
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashish Ajani Contact Form vCard Generator contact-form-vcard-generator allows Stored XSS.This issue affects Contact Form vCard Generator: from n/a through <= 2.4.
CVE-2025-31573HigApr 3, 2025
WordPress
Pepro Cf7 Database
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pepro Dev. Group PeproDev CF7 Database pepro-cf7-database allows Stored XSS.This issue affects PeproDev CF7 Database: from n/a through <= 2.0.0.
CVE-2025-31536HigApr 3, 2025
WordPress
Cf7 Spreadsheets
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moshensky CF7 Spreadsheets cf7-spreadsheets allows Reflected XSS.This issue affects CF7 Spreadsheets: from n/a through <= 2.3.2.
CVE-2025-31468HigApr 3, 2025
WordPress
Wp Identicon
risk 0.46cvss 7.1epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scottsm WP_Identicon wp-identicon allows Reflected XSS.This issue affects WP_Identicon: from n/a through <= 2.0.
CVE-2025-31467HigApr 3, 2025
WordPress
Flickr Photostream
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in miro.mannino Flickr Photostream flickr-photostream allows Reflected XSS.This issue affects Flickr Photostream: from n/a through <= 3.1.8.
CVE-2025-31442HigApr 3, 2025
WordPress
Keywords Highlight Tool
risk 0.46cvss 7.1epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e1tekoap42 Search engine keywords highlighter keywords-highlight-tool allows Reflected XSS.This issue affects Search engine keywords highlighter: from n/a through <= 0.1.3.
CVE-2025-31436HigApr 3, 2025
WordPress
Powerpress Multisite
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Angelo Mandato Blubrry PowerPress Podcasting plugin MultiSite add-on powerpress-multisite allows Reflected XSS.This issue affects Blubrry PowerPress Podcasting plugin MultiSite add-on: from n/a through <= 0.1.1.
CVE-2025-30858HigApr 3, 2025
WordPress
Snow Storm
risk 0.46cvss 7.1epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Snow Storm snow-storm allows Reflected XSS.This issue affects Snow Storm: from n/a through <= 1.4.6.
CVE-2025-30616HigApr 3, 2025
WordPress
Latest Custom Post Type Updates
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Wood Latest Custom Post Type Updates latest-custom-post-type-updates allows Reflected XSS.This issue affects Latest Custom Post Type Updates: from n/a through <= 1.3.0.
CVE-2025-30611HigApr 3, 2025
WordPress
Wptobe Signinup
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wptobe Wptobe-signinup wptobe-signinup allows Reflected XSS.This issue affects Wptobe-signinup: from n/a through <= 1.1.2.
CVE-2025-31594HigApr 1, 2025
WordPress
Auto Scroll For Reading
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPglob Auto scroll for reading auto-scroll-for-reading allows Reflected XSS.This issue affects Auto scroll for reading: from n/a through <= 1.1.4.
CVE-2025-31578HigApr 1, 2025
WordPress
Fonts Manager Custom Fonts
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wisdomlogix Solutions Pvt. Ltd. Fonts Manager | Custom Fonts fonts-manager-custom-fonts allows Reflected XSS.This issue affects Fonts Manager | Custom Fonts: from n/a through <= 1.2.
CVE-2025-31571HigApr 1, 2025
WordPress
The Logo Slider
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cynob IT Consultancy The Logo Slider the-logo-slider allows Reflected XSS.This issue affects The Logo Slider: from n/a through <= 1.0.0.