CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,270)

page 79 of 964

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-23814	WordPress Crudlab Facebook Like Box	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRUDLab CRUDLab Like Box crudlab-facebook-like-box allows Reflected XSS.This issue affects CRUDLab Like Box: from n/a through <= 2.0.9.
CVE-2025-23813	WordPress Guten Free Options	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tony Hayes Guten Free Options guten-free-options allows Reflected XSS.This issue affects Guten Free Options: from n/a through <= 0.9.7.
CVE-2025-23762	WordPress Dsgnwrks Twitter Importer	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Sternberg DsgnWrks Twitter Importer dsgnwrks-twitter-importer allows Reflected XSS.This issue affects DsgnWrks Twitter Importer: from n/a through <= 1.1.4.
CVE-2025-23753	WordPress Dn Sitemap Control	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digireturn DN Sitemap Control dn-sitemap-control allows Reflected XSS.This issue affects DN Sitemap Control: from n/a through <= 1.0.6.
CVE-2025-23741	WordPress Notifications Center	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Florian Chaillou Notifications Center notifications-center allows Reflected XSS.This issue affects Notifications Center: from n/a through <= 1.5.2.
CVE-2025-23740	WordPress Easy School Registration	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zbynek Nedoma Easy School Registration easy-school-registration allows Reflected XSS.This issue affects Easy School Registration: from n/a through <= 3.9.8.
CVE-2025-23739	WordPress Wp Ultimate Reviews Free	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jtibbles WP Ultimate Reviews FREE wp-ultimate-reviews-free allows Reflected XSS.This issue affects WP Ultimate Reviews FREE: from n/a through <= 1.0.2.
CVE-2025-23738	WordPress Ps Ads Pro	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Padam Shankhadev Ps Ads Pro ps-ads-pro allows Reflected XSS.This issue affects Ps Ads Pro: from n/a through <= 1.0.0.
CVE-2025-23736	WordPress Form To Json	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webgdawg Form To JSON form-to-json allows Reflected XSS.This issue affects Form To JSON: from n/a through <= 1.0.
CVE-2025-23731	WordPress Tax Report For Woocommerce	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in infosoftplugin Tax Report for WooCommerce tax-report-for-woocommerce allows Reflected XSS.This issue affects Tax Report for WooCommerce: from n/a through <= 2.2.
CVE-2025-23726	WordPress Comparepress	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thebloghouse ComparePress comparepress allows Reflected XSS.This issue affects ComparePress: from n/a through <= 2.0.8.
CVE-2025-23721	WordPress Mobigatevn	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cloudvn Mobigate mobigatevn allows Reflected XSS.This issue affects Mobigate: from n/a through <= 1.0.3.
CVE-2025-23718	WordPress Mancx Askme Widget	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mancx Mancx AskMe Widget mancx-askme-widget allows Reflected XSS.This issue affects Mancx AskMe Widget: from n/a through <= 0.3.
CVE-2025-23716	WordPress Login Watchdog	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JkmAS Login Watchdog login-watchdog allows Stored XSS.This issue affects Login Watchdog: from n/a through <= 1.0.4.
CVE-2025-23688	WordPress Cobwebo Url	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in editionskezzal Cobwebo URL Plugin cobwebo-url allows Reflected XSS.This issue affects Cobwebo URL Plugin: from n/a through <= 1.0.
CVE-2025-23670	WordPress 4 Author Cheer Up Donate	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in montashov 4 author cheer up donate 4-author-cheer-up-donate allows Reflected XSS.This issue affects 4 author cheer up donate: from n/a through <= 1.3.
CVE-2025-23668	WordPress Glasses For Woocommerce	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mauricio Urrego ChatGPT Open AI Images & Content for WooCommerce glasses-for-woocommerce allows Reflected XSS.This issue affects ChatGPT Open AI Images & Content for WooCommerce: from n/a through <= 2.2.0.
CVE-2025-23663	—	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Vaquez Contexto contexto allows Reflected XSS.This issue affects Contexto: from n/a through <= 1.0.
CVE-2025-23637	WordPress Wp Xintaoke	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fxy060608 新淘客WordPress插件 wp-xintaoke allows Reflected XSS.This issue affects 新淘客WordPress插件: from n/a through <= 1.1.2.
CVE-2025-23635	WordPress Epermissions	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mobde3net ePermissions epermissions allows Reflected XSS.This issue affects ePermissions: from n/a through <= 1.2.

CVE-2025-23814HigMar 3, 2025
WordPress
Crudlab Facebook Like Box
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRUDLab CRUDLab Like Box crudlab-facebook-like-box allows Reflected XSS.This issue affects CRUDLab Like Box: from n/a through <= 2.0.9.
CVE-2025-23813HigMar 3, 2025
WordPress
Guten Free Options
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tony Hayes Guten Free Options guten-free-options allows Reflected XSS.This issue affects Guten Free Options: from n/a through <= 0.9.7.
CVE-2025-23762HigMar 3, 2025
WordPress
Dsgnwrks Twitter Importer
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Sternberg DsgnWrks Twitter Importer dsgnwrks-twitter-importer allows Reflected XSS.This issue affects DsgnWrks Twitter Importer: from n/a through <= 1.1.4.
CVE-2025-23753HigMar 3, 2025
WordPress
Dn Sitemap Control
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digireturn DN Sitemap Control dn-sitemap-control allows Reflected XSS.This issue affects DN Sitemap Control: from n/a through <= 1.0.6.
CVE-2025-23741HigMar 3, 2025
WordPress
Notifications Center
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Florian Chaillou Notifications Center notifications-center allows Reflected XSS.This issue affects Notifications Center: from n/a through <= 1.5.2.
CVE-2025-23740HigMar 3, 2025
WordPress
Easy School Registration
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zbynek Nedoma Easy School Registration easy-school-registration allows Reflected XSS.This issue affects Easy School Registration: from n/a through <= 3.9.8.
CVE-2025-23739HigMar 3, 2025
WordPress
Wp Ultimate Reviews Free
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jtibbles WP Ultimate Reviews FREE wp-ultimate-reviews-free allows Reflected XSS.This issue affects WP Ultimate Reviews FREE: from n/a through <= 1.0.2.
CVE-2025-23738HigMar 3, 2025
WordPress
Ps Ads Pro
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Padam Shankhadev Ps Ads Pro ps-ads-pro allows Reflected XSS.This issue affects Ps Ads Pro: from n/a through <= 1.0.0.
CVE-2025-23736HigMar 3, 2025
WordPress
Form To Json
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webgdawg Form To JSON form-to-json allows Reflected XSS.This issue affects Form To JSON: from n/a through <= 1.0.
CVE-2025-23731HigMar 3, 2025
WordPress
Tax Report For Woocommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in infosoftplugin Tax Report for WooCommerce tax-report-for-woocommerce allows Reflected XSS.This issue affects Tax Report for WooCommerce: from n/a through <= 2.2.
CVE-2025-23726HigMar 3, 2025
WordPress
Comparepress
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thebloghouse ComparePress comparepress allows Reflected XSS.This issue affects ComparePress: from n/a through <= 2.0.8.
CVE-2025-23721HigMar 3, 2025
WordPress
Mobigatevn
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cloudvn Mobigate mobigatevn allows Reflected XSS.This issue affects Mobigate: from n/a through <= 1.0.3.
CVE-2025-23718HigMar 3, 2025
WordPress
Mancx Askme Widget
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mancx Mancx AskMe Widget mancx-askme-widget allows Reflected XSS.This issue affects Mancx AskMe Widget: from n/a through <= 0.3.
CVE-2025-23716HigMar 3, 2025
WordPress
Login Watchdog
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JkmAS Login Watchdog login-watchdog allows Stored XSS.This issue affects Login Watchdog: from n/a through <= 1.0.4.
CVE-2025-23688HigMar 3, 2025
WordPress
Cobwebo Url
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in editionskezzal Cobwebo URL Plugin cobwebo-url allows Reflected XSS.This issue affects Cobwebo URL Plugin: from n/a through <= 1.0.
CVE-2025-23670HigMar 3, 2025
WordPress
4 Author Cheer Up Donate
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in montashov 4 author cheer up donate 4-author-cheer-up-donate allows Reflected XSS.This issue affects 4 author cheer up donate: from n/a through <= 1.3.
CVE-2025-23668HigMar 3, 2025
WordPress
Glasses For Woocommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mauricio Urrego ChatGPT Open AI Images & Content for WooCommerce glasses-for-woocommerce allows Reflected XSS.This issue affects ChatGPT Open AI Images & Content for WooCommerce: from n/a through <= 2.2.0.
CVE-2025-23663HigMar 3, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Vaquez Contexto contexto allows Reflected XSS.This issue affects Contexto: from n/a through <= 1.0.
CVE-2025-23637HigMar 3, 2025
WordPress
Wp Xintaoke
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fxy060608 新淘客WordPress插件 wp-xintaoke allows Reflected XSS.This issue affects 新淘客WordPress插件: from n/a through <= 1.1.2.
CVE-2025-23635HigMar 3, 2025
WordPress
Epermissions
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mobde3net ePermissions epermissions allows Reflected XSS.This issue affects ePermissions: from n/a through <= 1.2.