CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,270)

page 73 of 964

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-28924	WordPress Zenphotopress	Hig	0.46	7.1	0.00	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simbul ZenphotoPress zenphotopress allows Reflected XSS.This issue affects ZenphotoPress: from n/a through <= 1.8.
CVE-2025-28921	WordPress Spatialmatch Free Lifestyle Search	Hig	0.46	7.1	0.00	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in homejunction SpatialMatch IDX spatialmatch-free-lifestyle-search allows Reflected XSS.This issue affects SpatialMatch IDX: from n/a through <= 3.0.9.
CVE-2025-28917	WordPress Custom Smilies Se	Hig	0.46	7.1	0.00	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in crazyloong Custom Smilies custom-smilies-se allows Stored XSS.This issue affects Custom Smilies: from n/a through <= 2.9.2.
CVE-2025-28911	WordPress Gf2pdf	Hig	0.46	7.1	0.00	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gravity2pdf Gravity 2 PDF gf2pdf allows Reflected XSS.This issue affects Gravity 2 PDF: from n/a through <= 3.1.3.
CVE-2025-28903	WordPress Ddirections	Hig	0.46	7.1	0.00	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hectorgarrofe Driving Directions ddirections allows Reflected XSS.This issue affects Driving Directions: from n/a through <= 1.4.4.
CVE-2025-28899	WordPress Wpeventticketing	Hig	0.46	7.1	0.00	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in toddhuish WP Event Ticketing wpeventticketing allows Reflected XSS.This issue affects WP Event Ticketing: from n/a through <= 1.3.4.
CVE-2025-28890	WordPress Lightview Plus	Hig	0.46	7.1	0.00	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in puzich Lightview Plus lightview-plus allows Reflected XSS.This issue affects Lightview Plus: from n/a through <= 3.1.3.
CVE-2025-28889	WordPress Custom Product Stickers For Woocommerce	Hig	0.46	7.1	0.00	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in starblank Custom Product Stickers for Woocommerce custom-product-stickers-for-woocommerce allows Reflected XSS.This issue affects Custom Product Stickers for Woocommerce: from n/a through <= 1.9.0.
CVE-2025-28882	WordPress Omnify Widget	Hig	0.46	7.1	0.00	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Omnify, Inc. Omnify omnify-widget allows Reflected XSS.This issue affects Omnify: from n/a through <= 2.0.3.
CVE-2025-28880	WordPress Blue Captcha	Hig	0.46	7.1	0.00	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jotis Blue Captcha blue-captcha allows Reflected XSS.This issue affects Blue Captcha: from n/a through <= 1.7.4.
CVE-2025-28877	WordPress Key4ce Osticket Bridge	Hig	0.46	7.1	0.00	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in m.tiggelaar Key4ce osTicket Bridge key4ce-osticket-bridge allows Reflected XSS.This issue affects Key4ce osTicket Bridge: from n/a through <= 1.4.0.
CVE-2025-28869	WordPress Nextgen Gallery Voting	Hig	0.46	7.1	0.00	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shauno NextGEN Gallery Voting nextgen-gallery-voting allows Reflected XSS.This issue affects NextGEN Gallery Voting: from n/a through <= 2.7.6.
CVE-2025-28865	WordPress Wp Colorful Tag Cloud	Hig	0.46	7.1	0.01	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lionelroux WP Colorful Tag Cloud wp-colorful-tag-cloud allows Reflected XSS.This issue affects WP Colorful Tag Cloud: from n/a through <= 2.0.1.
CVE-2025-28858	WordPress Ap Google Maps	Hig	0.46	7.1	0.00	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arrow Plugins Arrow Maps ap-google-maps allows Reflected XSS.This issue affects Arrow Maps: from n/a through <= 1.0.9.
CVE-2025-28855	WordPress Teleport	Hig	0.46	7.1	0.01	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in srcoley Teleport teleport allows Reflected XSS.This issue affects Teleport: from n/a through <= 1.2.4.
CVE-2025-27267	WordPress Random Quotes	Hig	0.46	7.1	0.00	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in srcoley Random Quotes random-quotes allows Reflected XSS.This issue affects Random Quotes: from n/a through <= 1.3.
CVE-2025-27014	WordPress Hostiko	Hig	0.46	7.1	0.01	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designingmedia Hostiko hostiko allows Reflected XSS.This issue affects Hostiko: from n/a through < 30.1.
CVE-2025-26584	WordPress Tb Testimonials	Hig	0.46	7.1	0.00	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Travis Ballard TBTestimonials tb-testimonials allows Reflected XSS.This issue affects TBTestimonials: from n/a through <= 1.7.3.
CVE-2025-26583	WordPress Video Share Vod	Hig	0.46	7.1	0.00	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in videowhisper Video Share VOD video-share-vod allows Reflected XSS.This issue affects Video Share VOD: from n/a through <= 2.7.9.
CVE-2025-26581	WordPress Picture Gallery	Hig	0.46	7.1	0.00	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in videowhisper Picture Gallery picture-gallery allows Reflected XSS.This issue affects Picture Gallery: from n/a through <= 1.6.3.

CVE-2025-28924HigMar 26, 2025
WordPress
Zenphotopress
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simbul ZenphotoPress zenphotopress allows Reflected XSS.This issue affects ZenphotoPress: from n/a through <= 1.8.
CVE-2025-28921HigMar 26, 2025
WordPress
Spatialmatch Free Lifestyle Search
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in homejunction SpatialMatch IDX spatialmatch-free-lifestyle-search allows Reflected XSS.This issue affects SpatialMatch IDX: from n/a through <= 3.0.9.
CVE-2025-28917HigMar 26, 2025
WordPress
Custom Smilies Se
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in crazyloong Custom Smilies custom-smilies-se allows Stored XSS.This issue affects Custom Smilies: from n/a through <= 2.9.2.
CVE-2025-28911HigMar 26, 2025
WordPress
Gf2pdf
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gravity2pdf Gravity 2 PDF gf2pdf allows Reflected XSS.This issue affects Gravity 2 PDF: from n/a through <= 3.1.3.
CVE-2025-28903HigMar 26, 2025
WordPress
Ddirections
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hectorgarrofe Driving Directions ddirections allows Reflected XSS.This issue affects Driving Directions: from n/a through <= 1.4.4.
CVE-2025-28899HigMar 26, 2025
WordPress
Wpeventticketing
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in toddhuish WP Event Ticketing wpeventticketing allows Reflected XSS.This issue affects WP Event Ticketing: from n/a through <= 1.3.4.
CVE-2025-28890HigMar 26, 2025
WordPress
Lightview Plus
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in puzich Lightview Plus lightview-plus allows Reflected XSS.This issue affects Lightview Plus: from n/a through <= 3.1.3.
CVE-2025-28889HigMar 26, 2025
WordPress
Custom Product Stickers For Woocommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in starblank Custom Product Stickers for Woocommerce custom-product-stickers-for-woocommerce allows Reflected XSS.This issue affects Custom Product Stickers for Woocommerce: from n/a through <= 1.9.0.
CVE-2025-28882HigMar 26, 2025
WordPress
Omnify Widget
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Omnify, Inc. Omnify omnify-widget allows Reflected XSS.This issue affects Omnify: from n/a through <= 2.0.3.
CVE-2025-28880HigMar 26, 2025
WordPress
Blue Captcha
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jotis Blue Captcha blue-captcha allows Reflected XSS.This issue affects Blue Captcha: from n/a through <= 1.7.4.
CVE-2025-28877HigMar 26, 2025
WordPress
Key4ce Osticket Bridge
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in m.tiggelaar Key4ce osTicket Bridge key4ce-osticket-bridge allows Reflected XSS.This issue affects Key4ce osTicket Bridge: from n/a through <= 1.4.0.
CVE-2025-28869HigMar 26, 2025
WordPress
Nextgen Gallery Voting
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shauno NextGEN Gallery Voting nextgen-gallery-voting allows Reflected XSS.This issue affects NextGEN Gallery Voting: from n/a through <= 2.7.6.
CVE-2025-28865HigMar 26, 2025
WordPress
Wp Colorful Tag Cloud
risk 0.46cvss 7.1epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lionelroux WP Colorful Tag Cloud wp-colorful-tag-cloud allows Reflected XSS.This issue affects WP Colorful Tag Cloud: from n/a through <= 2.0.1.
CVE-2025-28858HigMar 26, 2025
WordPress
Ap Google Maps
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arrow Plugins Arrow Maps ap-google-maps allows Reflected XSS.This issue affects Arrow Maps: from n/a through <= 1.0.9.
CVE-2025-28855HigMar 26, 2025
WordPress
Teleport
risk 0.46cvss 7.1epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in srcoley Teleport teleport allows Reflected XSS.This issue affects Teleport: from n/a through <= 1.2.4.
CVE-2025-27267HigMar 26, 2025
WordPress
Random Quotes
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in srcoley Random Quotes random-quotes allows Reflected XSS.This issue affects Random Quotes: from n/a through <= 1.3.
CVE-2025-27014HigMar 26, 2025
WordPress
Hostiko
risk 0.46cvss 7.1epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designingmedia Hostiko hostiko allows Reflected XSS.This issue affects Hostiko: from n/a through < 30.1.
CVE-2025-26584HigMar 26, 2025
WordPress
Tb Testimonials
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Travis Ballard TBTestimonials tb-testimonials allows Reflected XSS.This issue affects TBTestimonials: from n/a through <= 1.7.3.
CVE-2025-26583HigMar 26, 2025
WordPress
Video Share Vod
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in videowhisper Video Share VOD video-share-vod allows Reflected XSS.This issue affects Video Share VOD: from n/a through <= 2.7.9.
CVE-2025-26581HigMar 26, 2025
WordPress
Picture Gallery
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in videowhisper Picture Gallery picture-gallery allows Reflected XSS.This issue affects Picture Gallery: from n/a through <= 1.6.3.