CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,270)

page 77 of 964

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-26563	WordPress Rocket Wp Mobile	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Muneeb Mobile rocket-wp-mobile allows Reflected XSS.This issue affects Mobile: from n/a through <= 1.3.3.
CVE-2025-26557	WordPress Viperbar	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in viperchill ViperBar viperbar allows Reflected XSS.This issue affects ViperBar: from n/a through <= 2.0.
CVE-2025-25170	WordPress Migrate Post	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DotsquaresLtd Migrate Posts migrate-post allows Reflected XSS.This issue affects Migrate Posts: from n/a through <= 1.0.
CVE-2025-25169	—	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rachel Cherry Authors Autocomplete Meta Box authors-autocomplete-meta-box allows Reflected XSS.This issue affects Authors Autocomplete Meta Box: from n/a through <= 1.2.
CVE-2025-25165	WordPress Staff Directory Pro	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in richardgabriel Staff Directory Plugin: Company Directory staff-directory-pro allows Stored XSS.This issue affects Staff Directory Plugin: Company Directory: from n/a through <= 4.3.
CVE-2025-25164	—	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yuichiro ABE Meta Accelerator meta-accelerator allows Reflected XSS.This issue affects Meta Accelerator: from n/a through <= 1.0.4.
CVE-2025-25161	WordPress Wp Find Your Nearest	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SocialEvolution WP Find Your Nearest wp-find-your-nearest allows Reflected XSS.This issue affects WP Find Your Nearest: from n/a through <= 0.3.1.
CVE-2025-25158	WordPress Uncomplicated Seo	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Antonio Sanchez Uncomplicated SEO uncomplicated-seo allows Reflected XSS.This issue affects Uncomplicated SEO: from n/a through <= 1.2.
CVE-2025-25157	WordPress Wp Church Center	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpchurchteam WP Church Center wp-church-center allows Reflected XSS.This issue affects WP Church Center: from n/a through <= 1.3.3.
CVE-2025-25142	WordPress Wp Less Compiler	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Jake Group WP Less Compiler wp-less-compiler allows Stored XSS.This issue affects WP Less Compiler: from n/a through <= 1.3.0.
CVE-2025-25133	WordPress Wp Frontend Submit	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in newbiesup WP Frontend Submit wp-frontend-submit allows Reflected XSS.This issue affects WP Frontend Submit: from n/a through <= 1.1.0.
CVE-2025-25132	WordPress Visitors Details	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ravi Singh Visitor Details visitors-details allows Stored XSS.This issue affects Visitor Details: from n/a through <= 1.0.1.
CVE-2025-25129	WordPress Callback Request	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Callback Request allows Reflected XSS. This issue affects Callback Request: from n/a through 1.4.
CVE-2025-25127	WordPress Contact Us By Lord Linus	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rohitashv Singhal Contact Us By Lord Linus contact-us-by-lord-linus allows Reflected XSS.This issue affects Contact Us By Lord Linus: from n/a through <= 2.6.
CVE-2025-25124	WordPress Fb Status Updater	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devu Status Updater fb-status-updater allows Reflected XSS.This issue affects Status Updater: from n/a through <= 1.9.2.
CVE-2025-25119	WordPress Woo Oscommerce Sync	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alejandro Aranda Woocommerce osCommerce Sync woo-oscommerce-sync allows Reflected XSS.This issue affects Woocommerce osCommerce Sync: from n/a through <= 2.0.20.
CVE-2025-25118	WordPress Wpoptin	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Danish Ali Malik Top Bar – PopUps – by WPOptin wpoptin allows Reflected XSS.This issue affects Top Bar – PopUps – by WPOptin: from n/a through <= 2.0.8.
CVE-2025-25114	WordPress User Roles	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ehabstar User Role user-roles allows Reflected XSS.This issue affects User Role: from n/a through <= 1.0.
CVE-2025-25113	WordPress Implied Cookie Consent	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Senktec Implied Cookie Consent implied-cookie-consent allows Reflected XSS.This issue affects Implied Cookie Consent: from n/a through <= 1.3.
CVE-2025-25108	WordPress Shalom World Media Gallery	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shalomworld SW Plus shalom-world-media-gallery allows Reflected XSS.This issue affects SW Plus: from n/a through <= 2.1.

CVE-2025-26563HigMar 3, 2025
WordPress
Rocket Wp Mobile
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Muneeb Mobile rocket-wp-mobile allows Reflected XSS.This issue affects Mobile: from n/a through <= 1.3.3.
CVE-2025-26557HigMar 3, 2025
WordPress
Viperbar
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in viperchill ViperBar viperbar allows Reflected XSS.This issue affects ViperBar: from n/a through <= 2.0.
CVE-2025-25170HigMar 3, 2025
WordPress
Migrate Post
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DotsquaresLtd Migrate Posts migrate-post allows Reflected XSS.This issue affects Migrate Posts: from n/a through <= 1.0.
CVE-2025-25169HigMar 3, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rachel Cherry Authors Autocomplete Meta Box authors-autocomplete-meta-box allows Reflected XSS.This issue affects Authors Autocomplete Meta Box: from n/a through <= 1.2.
CVE-2025-25165HigMar 3, 2025
WordPress
Staff Directory Pro
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in richardgabriel Staff Directory Plugin: Company Directory staff-directory-pro allows Stored XSS.This issue affects Staff Directory Plugin: Company Directory: from n/a through <= 4.3.
CVE-2025-25164HigMar 3, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yuichiro ABE Meta Accelerator meta-accelerator allows Reflected XSS.This issue affects Meta Accelerator: from n/a through <= 1.0.4.
CVE-2025-25161HigMar 3, 2025
WordPress
Wp Find Your Nearest
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SocialEvolution WP Find Your Nearest wp-find-your-nearest allows Reflected XSS.This issue affects WP Find Your Nearest: from n/a through <= 0.3.1.
CVE-2025-25158HigMar 3, 2025
WordPress
Uncomplicated Seo
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Antonio Sanchez Uncomplicated SEO uncomplicated-seo allows Reflected XSS.This issue affects Uncomplicated SEO: from n/a through <= 1.2.
CVE-2025-25157HigMar 3, 2025
WordPress
Wp Church Center
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpchurchteam WP Church Center wp-church-center allows Reflected XSS.This issue affects WP Church Center: from n/a through <= 1.3.3.
CVE-2025-25142HigMar 3, 2025
WordPress
Wp Less Compiler
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Jake Group WP Less Compiler wp-less-compiler allows Stored XSS.This issue affects WP Less Compiler: from n/a through <= 1.3.0.
CVE-2025-25133HigMar 3, 2025
WordPress
Wp Frontend Submit
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in newbiesup WP Frontend Submit wp-frontend-submit allows Reflected XSS.This issue affects WP Frontend Submit: from n/a through <= 1.1.0.
CVE-2025-25132HigMar 3, 2025
WordPress
Visitors Details
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ravi Singh Visitor Details visitors-details allows Stored XSS.This issue affects Visitor Details: from n/a through <= 1.0.1.
CVE-2025-25129HigMar 3, 2025
WordPress
Callback Request
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Callback Request allows Reflected XSS. This issue affects Callback Request: from n/a through 1.4.
CVE-2025-25127HigMar 3, 2025
WordPress
Contact Us By Lord Linus
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rohitashv Singhal Contact Us By Lord Linus contact-us-by-lord-linus allows Reflected XSS.This issue affects Contact Us By Lord Linus: from n/a through <= 2.6.
CVE-2025-25124HigMar 3, 2025
WordPress
Fb Status Updater
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devu Status Updater fb-status-updater allows Reflected XSS.This issue affects Status Updater: from n/a through <= 1.9.2.
CVE-2025-25119HigMar 3, 2025
WordPress
Woo Oscommerce Sync
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alejandro Aranda Woocommerce osCommerce Sync woo-oscommerce-sync allows Reflected XSS.This issue affects Woocommerce osCommerce Sync: from n/a through <= 2.0.20.
CVE-2025-25118HigMar 3, 2025
WordPress
Wpoptin
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Danish Ali Malik Top Bar – PopUps – by WPOptin wpoptin allows Reflected XSS.This issue affects Top Bar – PopUps – by WPOptin: from n/a through <= 2.0.8.
CVE-2025-25114HigMar 3, 2025
WordPress
User Roles
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ehabstar User Role user-roles allows Reflected XSS.This issue affects User Role: from n/a through <= 1.0.
CVE-2025-25113HigMar 3, 2025
WordPress
Implied Cookie Consent
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Senktec Implied Cookie Consent implied-cookie-consent allows Reflected XSS.This issue affects Implied Cookie Consent: from n/a through <= 1.3.
CVE-2025-25108HigMar 3, 2025
WordPress
Shalom World Media Gallery
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shalomworld SW Plus shalom-world-media-gallery allows Reflected XSS.This issue affects SW Plus: from n/a through <= 2.1.