CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,270)

page 70 of 964

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-31568	WordPress Wiredminds Leadlab	Hig	0.46	7.1	0.00	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wiredmindshelp LeadLab by wiredminds wiredminds-leadlab allows Reflected XSS.This issue affects LeadLab by wiredminds: from n/a through <= 1.3.
CVE-2025-31563	WordPress Open Ai Search Bar	Hig	0.46	7.1	0.00	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vimal Kava AI Search Bar open-ai-search-bar allows Stored XSS.This issue affects AI Search Bar: from n/a through <= 2.1.
CVE-2025-31548	WordPress Ultimate Push Notifications	Hig	0.46	7.1	0.00	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeSolz Ultimate Push Notifications ultimate-push-notifications allows Reflected XSS.This issue affects Ultimate Push Notifications: from n/a through <= 1.2.0.
CVE-2025-31537	WordPress Bulk Noindex Nofollow Toolkit By Mad Fish	Hig	0.46	7.1	0.00	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in madfishdigital Bulk NoIndex & NoFollow Toolkit bulk-noindex-nofollow-toolkit-by-mad-fish allows Reflected XSS.This issue affects Bulk NoIndex & NoFollow Toolkit: from n/a through <= 2.16.
CVE-2025-31462	WordPress Cgm Event Calendar	Hig	0.46	7.1	0.00	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rzfarrell CGM Event Calendar cgm-event-calendar allows Reflected XSS.This issue affects CGM Event Calendar: from n/a through <= 0.8.5.
CVE-2025-31461	WordPress Nanosupport	Hig	0.46	7.1	0.00	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mayeenul Islam NanoSupport nanosupport allows Reflected XSS.This issue affects NanoSupport: from n/a through <= 0.6.0.
CVE-2025-31455	WordPress Limit Max Ips Per User	Hig	0.46	7.1	0.01	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ralxz Limit Max IPs Per User limit-max-ips-per-user allows DOM-Based XSS.This issue affects Limit Max IPs Per User: from n/a through <= 1.5.
CVE-2025-31454	WordPress Delete Post Revision	Hig	0.46	7.1	0.00	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arefly Delete Post Revision delete-post-revision allows Reflected XSS.This issue affects Delete Post Revision: from n/a through <= 1.1.
CVE-2025-31446	WordPress Wpcleaner	Hig	0.46	7.1	0.00	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jiangmiao WP Cleaner wpcleaner allows Reflected XSS.This issue affects WP Cleaner: from n/a through <= 1.1.5.
CVE-2025-31445	—	Hig	0.46	7.1	0.00	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sed Lex Pages Order pages-order allows Reflected XSS.This issue affects Pages Order: from n/a through <= 1.1.3.
CVE-2025-31441	WordPress Wp Galleria	Hig	0.46	7.1	0.01	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in S WordPress Galleria wp-galleria allows Reflected XSS.This issue affects WordPress Galleria: from n/a through <= 1.4.
CVE-2025-31431	WordPress Wp Bookmarks	Hig	0.46	7.1	0.00	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in conlabz GmbH WP Bookmarks wp-bookmarks allows Reflected XSS.This issue affects WP Bookmarks: from n/a through <= 1.1.
CVE-2025-31086	WordPress Woo Product Tables	Hig	0.46	7.1	0.00	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WBW Plugins Product Table by WBW woo-product-tables allows Reflected XSS.This issue affects Product Table by WBW: from n/a through <= 2.1.4.
CVE-2025-31085	WordPress Xili Language	Hig	0.46	7.1	0.00	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-language xili-language allows Reflected XSS.This issue affects xili-language: from n/a through <= 2.21.2.
CVE-2025-31081	WordPress Enable Media Replace	Hig	0.46	7.1	0.01	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShortPixel Enable Media Replace enable-media-replace allows Reflected XSS.This issue affects Enable Media Replace: from n/a through <= 4.1.5.
CVE-2025-31080	WordPress HTML Forms	Hig	0.46	7.1	0.00	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms html-forms allows Stored XSS.This issue affects HTML Forms: from n/a through <= 1.5.1.
CVE-2025-31078	WordPress Small Package Quotes Wwe Edition	Hig	0.46	7.1	0.00	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition small-package-quotes-wwe-edition allows Reflected XSS.This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through <= 5.2.18.
CVE-2025-30913	WordPress Wp Access Areas	Hig	0.46	7.1	0.01	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in podpirate Access Areas wp-access-areas allows Reflected XSS.This issue affects Access Areas: from n/a through <= 1.5.19.
CVE-2025-30906	WordPress Wc Checkout Getnet	Hig	0.46	7.1	0.00	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lisandragetnet Plugin Oficial – Getnet para WooCommerce wc-checkout-getnet allows Reflected XSS.This issue affects Plugin Oficial – Getnet para WooCommerce: from n/a through <= 1.7.3.
CVE-2025-30905	WordPress Secure Copy Content Protection	Hig	0.46	7.1	0.01	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Secure Copy Content Protection and Content Locking secure-copy-content-protection allows Stored XSS.This issue affects Secure Copy Content Protection and Content Locking: from n/a through <= 4.4.3.

CVE-2025-31568HigApr 1, 2025
WordPress
Wiredminds Leadlab
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wiredmindshelp LeadLab by wiredminds wiredminds-leadlab allows Reflected XSS.This issue affects LeadLab by wiredminds: from n/a through <= 1.3.
CVE-2025-31563HigApr 1, 2025
WordPress
Open Ai Search Bar
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vimal Kava AI Search Bar open-ai-search-bar allows Stored XSS.This issue affects AI Search Bar: from n/a through <= 2.1.
CVE-2025-31548HigApr 1, 2025
WordPress
Ultimate Push Notifications
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeSolz Ultimate Push Notifications ultimate-push-notifications allows Reflected XSS.This issue affects Ultimate Push Notifications: from n/a through <= 1.2.0.
CVE-2025-31537HigApr 1, 2025
WordPress
Bulk Noindex Nofollow Toolkit By Mad Fish
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in madfishdigital Bulk NoIndex & NoFollow Toolkit bulk-noindex-nofollow-toolkit-by-mad-fish allows Reflected XSS.This issue affects Bulk NoIndex & NoFollow Toolkit: from n/a through <= 2.16.
CVE-2025-31462HigApr 1, 2025
WordPress
Cgm Event Calendar
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rzfarrell CGM Event Calendar cgm-event-calendar allows Reflected XSS.This issue affects CGM Event Calendar: from n/a through <= 0.8.5.
CVE-2025-31461HigApr 1, 2025
WordPress
Nanosupport
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mayeenul Islam NanoSupport nanosupport allows Reflected XSS.This issue affects NanoSupport: from n/a through <= 0.6.0.
CVE-2025-31455HigApr 1, 2025
WordPress
Limit Max Ips Per User
risk 0.46cvss 7.1epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ralxz Limit Max IPs Per User limit-max-ips-per-user allows DOM-Based XSS.This issue affects Limit Max IPs Per User: from n/a through <= 1.5.
CVE-2025-31454HigApr 1, 2025
WordPress
Delete Post Revision
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arefly Delete Post Revision delete-post-revision allows Reflected XSS.This issue affects Delete Post Revision: from n/a through <= 1.1.
CVE-2025-31446HigApr 1, 2025
WordPress
Wpcleaner
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jiangmiao WP Cleaner wpcleaner allows Reflected XSS.This issue affects WP Cleaner: from n/a through <= 1.1.5.
CVE-2025-31445HigApr 1, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sed Lex Pages Order pages-order allows Reflected XSS.This issue affects Pages Order: from n/a through <= 1.1.3.
CVE-2025-31441HigApr 1, 2025
WordPress
Wp Galleria
risk 0.46cvss 7.1epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in S WordPress Galleria wp-galleria allows Reflected XSS.This issue affects WordPress Galleria: from n/a through <= 1.4.
CVE-2025-31431HigApr 1, 2025
WordPress
Wp Bookmarks
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in conlabz GmbH WP Bookmarks wp-bookmarks allows Reflected XSS.This issue affects WP Bookmarks: from n/a through <= 1.1.
CVE-2025-31086HigApr 1, 2025
WordPress
Woo Product Tables
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WBW Plugins Product Table by WBW woo-product-tables allows Reflected XSS.This issue affects Product Table by WBW: from n/a through <= 2.1.4.
CVE-2025-31085HigApr 1, 2025
WordPress
Xili Language
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-language xili-language allows Reflected XSS.This issue affects xili-language: from n/a through <= 2.21.2.
CVE-2025-31081HigApr 1, 2025
WordPress
Enable Media Replace
risk 0.46cvss 7.1epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShortPixel Enable Media Replace enable-media-replace allows Reflected XSS.This issue affects Enable Media Replace: from n/a through <= 4.1.5.
CVE-2025-31080HigApr 1, 2025
WordPress
HTML Forms
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms html-forms allows Stored XSS.This issue affects HTML Forms: from n/a through <= 1.5.1.
CVE-2025-31078HigApr 1, 2025
WordPress
Small Package Quotes Wwe Edition
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition small-package-quotes-wwe-edition allows Reflected XSS.This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through <= 5.2.18.
CVE-2025-30913HigApr 1, 2025
WordPress
Wp Access Areas
risk 0.46cvss 7.1epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in podpirate Access Areas wp-access-areas allows Reflected XSS.This issue affects Access Areas: from n/a through <= 1.5.19.
CVE-2025-30906HigApr 1, 2025
WordPress
Wc Checkout Getnet
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lisandragetnet Plugin Oficial – Getnet para WooCommerce wc-checkout-getnet allows Reflected XSS.This issue affects Plugin Oficial – Getnet para WooCommerce: from n/a through <= 1.7.3.
CVE-2025-30905HigApr 1, 2025
WordPress
Secure Copy Content Protection
risk 0.46cvss 7.1epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Secure Copy Content Protection and Content Locking secure-copy-content-protection allows Stored XSS.This issue affects Secure Copy Content Protection and Content Locking: from n/a through <= 4.4.3.