CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,270)

page 71 of 964

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-30852	WordPress Oracle Cards	Hig	0.46	7.1	0.01	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emotionalonlinestorytelling Oracle Cards Lite oracle-cards allows Reflected XSS.This issue affects Oracle Cards Lite: from n/a through <= 1.2.1.
CVE-2025-30844	Kibokolabs Watu Quiz	Hig	0.46	7.1	0.00	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Watu Quiz watu allows Reflected XSS.This issue affects Watu Quiz: from n/a through <= 3.4.2.
CVE-2025-30778	WordPress V Form	Hig	0.46	7.1	0.01	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Ratudi VPSUForm v-form allows Reflected XSS.This issue affects VPSUForm: from n/a through <= 3.1.9.
CVE-2025-30554	WordPress Frizzly	Hig	0.46	7.1	0.01	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Abhishek Kumar Frizzly frizzly allows Reflected XSS.This issue affects Frizzly: from n/a through <= 1.1.0.
CVE-2025-30924	WordPress Primer Mydata	Hig	0.46	7.1	0.00	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Reflected XSS.This issue affects Primer MyData for Woocommerce: from n/a through < 4.2.4.
CVE-2025-30917	WordPress Sku For Woocommerce	Hig	0.46	7.1	0.00	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Wham SKU Generator for WooCommerce sku-for-woocommerce allows Reflected XSS.This issue affects SKU Generator for WooCommerce: from n/a through <= 1.6.2.
CVE-2025-30902	WordPress Aec Kiosque	Hig	0.46	7.1	0.00	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ATL Software SRL AEC Kiosque aec-kiosque allows Reflected XSS.This issue affects AEC Kiosque: from n/a through <= 1.9.3.
CVE-2025-30869	WordPress Image Wall	Hig	0.46	7.1	0.00	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Parakoos Image Wall image-wall allows Reflected XSS.This issue affects Image Wall: from n/a through <= 3.0.
CVE-2025-30848	WordPress Hostel	Hig	0.46	7.1	0.00	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Hostel hostel allows Reflected XSS.This issue affects Hostel: from n/a through <= 1.1.5.
CVE-2025-30840	WordPress Xili Dictionary	Hig	0.46	7.1	0.00	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-dictionary xili-dictionary allows Reflected XSS.This issue affects xili-dictionary: from n/a through <= 2.12.5.
CVE-2025-30837	WordPress Woo Fattureincloud	Hig	0.46	7.1	0.00	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristiano Zanca WooCommerce Fattureincloud woo-fattureincloud allows Reflected XSS.This issue affects WooCommerce Fattureincloud: from n/a through <= 2.6.7.
CVE-2025-30827	—	Hig	0.46	7.1	0.01	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Reflected XSS.This issue affects WP2LEADS: from n/a through <= 3.4.5.
CVE-2025-30808	WordPress About Author	Hig	0.46	7.1	0.00	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Weblizar - WordPress Themes & Plugin About Author about-author allows Reflected XSS.This issue affects About Author: from n/a through <= 1.6.2.
CVE-2025-30798	—	Hig	0.46	7.1	0.01	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rickonline_nl Better WishList API better-wlm-api allows Reflected XSS.This issue affects Better WishList API: from n/a through <= 1.1.4.
CVE-2025-30796	WordPress Wpextended	Hig	0.46	7.1	0.01	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended wpextended allows Reflected XSS.This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through <= 3.0.14.
CVE-2025-30794	WordPress Event Tickets	Hig	0.46	7.1	0.01	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP Event Tickets event-tickets allows Reflected XSS.This issue affects Event Tickets: from n/a through <= 5.20.0.
CVE-2025-30614	WordPress Google Font Fix	Hig	0.46	7.1	0.00	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Haozhe Xie Google Font Fix google-font-fix allows Reflected XSS.This issue affects Google Font Fix: from n/a through <= 2.3.1.
CVE-2025-30607	WordPress Quick Localization	Hig	0.46	7.1	0.00	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Name.ly Quick Localization quick-localization allows Reflected XSS.This issue affects Quick Localization: from n/a through <= 0.1.0.
CVE-2025-30579	WordPress Pesapal For Woocommerce	Hig	0.46	7.1	0.01	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jakeii Pesapal Gateway for Woocommerce pesapal-for-woocommerce allows Reflected XSS.This issue affects Pesapal Gateway for Woocommerce: from n/a through <= 2.1.0.
CVE-2025-30563	WordPress Tidekey	Hig	0.46	7.1	0.00	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in makong Tidekey tidekey allows Reflected XSS.This issue affects Tidekey: from n/a through <= 1.1.

CVE-2025-30852HigApr 1, 2025
WordPress
Oracle Cards
risk 0.46cvss 7.1epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emotionalonlinestorytelling Oracle Cards Lite oracle-cards allows Reflected XSS.This issue affects Oracle Cards Lite: from n/a through <= 1.2.1.
CVE-2025-30844HigApr 1, 2025
Kibokolabs
Watu Quiz
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Watu Quiz watu allows Reflected XSS.This issue affects Watu Quiz: from n/a through <= 3.4.2.
CVE-2025-30778HigApr 1, 2025
WordPress
V Form
risk 0.46cvss 7.1epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Ratudi VPSUForm v-form allows Reflected XSS.This issue affects VPSUForm: from n/a through <= 3.1.9.
CVE-2025-30554HigApr 1, 2025
WordPress
Frizzly
risk 0.46cvss 7.1epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Abhishek Kumar Frizzly frizzly allows Reflected XSS.This issue affects Frizzly: from n/a through <= 1.1.0.
CVE-2025-30924HigApr 1, 2025
WordPress
Primer Mydata
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Reflected XSS.This issue affects Primer MyData for Woocommerce: from n/a through < 4.2.4.
CVE-2025-30917HigApr 1, 2025
WordPress
Sku For Woocommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Wham SKU Generator for WooCommerce sku-for-woocommerce allows Reflected XSS.This issue affects SKU Generator for WooCommerce: from n/a through <= 1.6.2.
CVE-2025-30902HigApr 1, 2025
WordPress
Aec Kiosque
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ATL Software SRL AEC Kiosque aec-kiosque allows Reflected XSS.This issue affects AEC Kiosque: from n/a through <= 1.9.3.
CVE-2025-30869HigApr 1, 2025
WordPress
Image Wall
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Parakoos Image Wall image-wall allows Reflected XSS.This issue affects Image Wall: from n/a through <= 3.0.
CVE-2025-30848HigApr 1, 2025
WordPress
Hostel
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Hostel hostel allows Reflected XSS.This issue affects Hostel: from n/a through <= 1.1.5.
CVE-2025-30840HigApr 1, 2025
WordPress
Xili Dictionary
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-dictionary xili-dictionary allows Reflected XSS.This issue affects xili-dictionary: from n/a through <= 2.12.5.
CVE-2025-30837HigApr 1, 2025
WordPress
Woo Fattureincloud
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristiano Zanca WooCommerce Fattureincloud woo-fattureincloud allows Reflected XSS.This issue affects WooCommerce Fattureincloud: from n/a through <= 2.6.7.
CVE-2025-30827HigApr 1, 2025
risk 0.46cvss 7.1epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Reflected XSS.This issue affects WP2LEADS: from n/a through <= 3.4.5.
CVE-2025-30808HigApr 1, 2025
WordPress
About Author
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Weblizar - WordPress Themes & Plugin About Author about-author allows Reflected XSS.This issue affects About Author: from n/a through <= 1.6.2.
CVE-2025-30798HigApr 1, 2025
risk 0.46cvss 7.1epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rickonline_nl Better WishList API better-wlm-api allows Reflected XSS.This issue affects Better WishList API: from n/a through <= 1.1.4.
CVE-2025-30796HigApr 1, 2025
WordPress
Wpextended
risk 0.46cvss 7.1epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended wpextended allows Reflected XSS.This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through <= 3.0.14.
CVE-2025-30794HigApr 1, 2025
WordPress
Event Tickets
risk 0.46cvss 7.1epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP Event Tickets event-tickets allows Reflected XSS.This issue affects Event Tickets: from n/a through <= 5.20.0.
CVE-2025-30614HigApr 1, 2025
WordPress
Google Font Fix
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Haozhe Xie Google Font Fix google-font-fix allows Reflected XSS.This issue affects Google Font Fix: from n/a through <= 2.3.1.
CVE-2025-30607HigApr 1, 2025
WordPress
Quick Localization
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Name.ly Quick Localization quick-localization allows Reflected XSS.This issue affects Quick Localization: from n/a through <= 0.1.0.
CVE-2025-30579HigApr 1, 2025
WordPress
Pesapal For Woocommerce
risk 0.46cvss 7.1epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jakeii Pesapal Gateway for Woocommerce pesapal-for-woocommerce allows Reflected XSS.This issue affects Pesapal Gateway for Woocommerce: from n/a through <= 2.1.0.
CVE-2025-30563HigApr 1, 2025
WordPress
Tidekey
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in makong Tidekey tidekey allows Reflected XSS.This issue affects Tidekey: from n/a through <= 1.1.