CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,270)

page 74 of 964

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-26579	—	Hig	0.46	7.1	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in videowhisper MicroPayments paid-membership allows Reflected XSS.This issue affects MicroPayments: from n/a through <= 3.2.4.
CVE-2025-26576	WordPress Wp Simple Slideshow	Hig	0.46	7.1	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in takumin WP Simple Slideshow wp-simple-slideshow allows Reflected XSS.This issue affects WP Simple Slideshow: from n/a through <= 1.0.
CVE-2025-26575	WordPress Display Post Meta	Hig	0.46	7.1	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Maurer Display Post Meta display-post-meta allows Reflected XSS.This issue affects Display Post Meta: from n/a through <= 2.4.4.
CVE-2025-26573	WordPress Rizzi Guestbook	Hig	0.46	7.1	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JamRizzi Technologies Rizzi Guestbook rizzi-guestbook allows Reflected XSS.This issue affects Rizzi Guestbook: from n/a through <= 4.0.1.
CVE-2025-26566	WordPress In Stock Mailer For Woocommerce	Hig	0.46	7.1	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frank In Stock Mailer for WooCommerce in-stock-mailer-for-woocommerce allows Reflected XSS.This issue affects In Stock Mailer for WooCommerce: from n/a through <= 2.1.1.
CVE-2025-26565	WordPress Gnupress	Hig	0.46	7.1	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kagla GNUPress gnupress allows Reflected XSS.This issue affects GNUPress: from n/a through <= 0.2.9.
CVE-2025-26564	WordPress Gnucommerce	Hig	0.46	7.1	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kagla GNUCommerce gnucommerce allows Reflected XSS.This issue affects GNUCommerce: from n/a through <= 1.5.4.
CVE-2025-26560	WordPress Wp Contact Form Iii	Hig	0.46	7.1	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KKWangen WP Contact Form III wp-contact-form-iii allows Reflected XSS.This issue affects WP Contact Form III: from n/a through <= 1.6.2d.
CVE-2025-26546	WordPress Cookies Pro	Hig	0.46	7.1	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pixelpro Cookies Pro cookies-pro allows Reflected XSS.This issue affects Cookies Pro: from n/a through <= 1.0.
CVE-2025-26544	WordPress Cf7 Utm Tracking	Hig	0.46	7.1	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max K UTM tags tracking for Contact Form 7 cf7-utm-tracking allows Reflected XSS.This issue affects UTM tags tracking for Contact Form 7: from n/a through <= 2.1.
CVE-2025-26542	WordPress Zalo Live Chat	Hig	0.46	7.1	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dang Ngoc Binh Zalo Live Chat zalo-live-chat allows Reflected XSS.This issue affects Zalo Live Chat: from n/a through <= 1.1.0.
CVE-2025-26541	WordPress Woo Altcoin Payment Gateway	Hig	0.46	7.1	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeSolz Bitcoin / AltCoin Payment Gateway for WooCommerce woo-altcoin-payment-gateway allows Reflected XSS.This issue affects Bitcoin / AltCoin Payment Gateway for WooCommerce: from n/a through <= 1.7.6.
CVE-2025-26536	WordPress Another Events Calendar	Hig	0.46	7.1	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yendif Player Another Events Calendar another-events-calendar allows Reflected XSS.This issue affects Another Events Calendar: from n/a through <= 1.7.0.
CVE-2025-25134	WordPress Wordpress Theme Demo Bar	Hig	0.46	7.1	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zenverse Theme Demo Bar wordpress-theme-demo-bar allows Reflected XSS.This issue affects Theme Demo Bar: from n/a through <= 1.6.3.
CVE-2025-23964	WordPress Google Plus Google	Hig	0.46	7.1	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ajitae Google Plus google-plus-google allows Reflected XSS.This issue affects Google Plus: from n/a through <= 1.0.2.
CVE-2025-23735	WordPress Infugrator	Hig	0.46	7.1	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cosmin Schiopu Infugrator infugrator allows Reflected XSS.This issue affects Infugrator: from n/a through <= 1.0.3.
CVE-2025-23728	WordPress Aumenu	Hig	0.46	7.1	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in atelierhyper AuMenu aumenu allows Reflected XSS.This issue affects AuMenu: from n/a through <= 1.1.5.
CVE-2025-23714	WordPress Appreview	Hig	0.46	7.1	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in podspod AppReview appreview allows Reflected XSS.This issue affects AppReview: from n/a through <= 0.2.9.
CVE-2025-23704	WordPress Your Lightbox	Hig	0.46	7.1	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Reuven Karasik Your Lightbox your-lightbox allows Reflected XSS.This issue affects Your Lightbox: from n/a through <= 1.0.
CVE-2025-23680	—	Hig	0.46	7.1	Mar 26, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Narnoo Narnoo Operator narnoo-shortcodes allows Reflected XSS.This issue affects Narnoo Operator: from n/a through <= 2.0.0.

CVE-2025-26579HigMar 26, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in videowhisper MicroPayments paid-membership allows Reflected XSS.This issue affects MicroPayments: from n/a through <= 3.2.4.
CVE-2025-26576HigMar 26, 2025
WordPress
Wp Simple Slideshow
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in takumin WP Simple Slideshow wp-simple-slideshow allows Reflected XSS.This issue affects WP Simple Slideshow: from n/a through <= 1.0.
CVE-2025-26575HigMar 26, 2025
WordPress
Display Post Meta
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Maurer Display Post Meta display-post-meta allows Reflected XSS.This issue affects Display Post Meta: from n/a through <= 2.4.4.
CVE-2025-26573HigMar 26, 2025
WordPress
Rizzi Guestbook
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JamRizzi Technologies Rizzi Guestbook rizzi-guestbook allows Reflected XSS.This issue affects Rizzi Guestbook: from n/a through <= 4.0.1.
CVE-2025-26566HigMar 26, 2025
WordPress
In Stock Mailer For Woocommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frank In Stock Mailer for WooCommerce in-stock-mailer-for-woocommerce allows Reflected XSS.This issue affects In Stock Mailer for WooCommerce: from n/a through <= 2.1.1.
CVE-2025-26565HigMar 26, 2025
WordPress
Gnupress
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kagla GNUPress gnupress allows Reflected XSS.This issue affects GNUPress: from n/a through <= 0.2.9.
CVE-2025-26564HigMar 26, 2025
WordPress
Gnucommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kagla GNUCommerce gnucommerce allows Reflected XSS.This issue affects GNUCommerce: from n/a through <= 1.5.4.
CVE-2025-26560HigMar 26, 2025
WordPress
Wp Contact Form Iii
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KKWangen WP Contact Form III wp-contact-form-iii allows Reflected XSS.This issue affects WP Contact Form III: from n/a through <= 1.6.2d.
CVE-2025-26546HigMar 26, 2025
WordPress
Cookies Pro
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pixelpro Cookies Pro cookies-pro allows Reflected XSS.This issue affects Cookies Pro: from n/a through <= 1.0.
CVE-2025-26544HigMar 26, 2025
WordPress
Cf7 Utm Tracking
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max K UTM tags tracking for Contact Form 7 cf7-utm-tracking allows Reflected XSS.This issue affects UTM tags tracking for Contact Form 7: from n/a through <= 2.1.
CVE-2025-26542HigMar 26, 2025
WordPress
Zalo Live Chat
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dang Ngoc Binh Zalo Live Chat zalo-live-chat allows Reflected XSS.This issue affects Zalo Live Chat: from n/a through <= 1.1.0.
CVE-2025-26541HigMar 26, 2025
WordPress
Woo Altcoin Payment Gateway
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeSolz Bitcoin / AltCoin Payment Gateway for WooCommerce woo-altcoin-payment-gateway allows Reflected XSS.This issue affects Bitcoin / AltCoin Payment Gateway for WooCommerce: from n/a through <= 1.7.6.
CVE-2025-26536HigMar 26, 2025
WordPress
Another Events Calendar
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yendif Player Another Events Calendar another-events-calendar allows Reflected XSS.This issue affects Another Events Calendar: from n/a through <= 1.7.0.
CVE-2025-25134HigMar 26, 2025
WordPress
Wordpress Theme Demo Bar
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zenverse Theme Demo Bar wordpress-theme-demo-bar allows Reflected XSS.This issue affects Theme Demo Bar: from n/a through <= 1.6.3.
CVE-2025-23964HigMar 26, 2025
WordPress
Google Plus Google
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ajitae Google Plus google-plus-google allows Reflected XSS.This issue affects Google Plus: from n/a through <= 1.0.2.
CVE-2025-23735HigMar 26, 2025
WordPress
Infugrator
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cosmin Schiopu Infugrator infugrator allows Reflected XSS.This issue affects Infugrator: from n/a through <= 1.0.3.
CVE-2025-23728HigMar 26, 2025
WordPress
Aumenu
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in atelierhyper AuMenu aumenu allows Reflected XSS.This issue affects AuMenu: from n/a through <= 1.1.5.
CVE-2025-23714HigMar 26, 2025
WordPress
Appreview
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in podspod AppReview appreview allows Reflected XSS.This issue affects AppReview: from n/a through <= 0.2.9.
CVE-2025-23704HigMar 26, 2025
WordPress
Your Lightbox
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Reuven Karasik Your Lightbox your-lightbox allows Reflected XSS.This issue affects Your Lightbox: from n/a through <= 1.0.
CVE-2025-23680HigMar 26, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Narnoo Narnoo Operator narnoo-shortcodes allows Reflected XSS.This issue affects Narnoo Operator: from n/a through <= 2.0.0.