CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,270)

page 80 of 964

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-23619	WordPress Catch Duplicate Switcher	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Catch Themes Catch Duplicate Switcher catch-duplicate-switcher allows Reflected XSS.This issue affects Catch Duplicate Switcher: from n/a through <= 2.0.
CVE-2025-23616	WordPress Canalplan Ac	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Canalplan canalplan-ac allows Reflected XSS.This issue affects Canalplan: from n/a through <= 5.31.
CVE-2025-23600	WordPress Send Booking Invites To Friends	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pinal.shah Send to a Friend Addon send-booking-invites-to-friends allows Reflected XSS.This issue affects Send to a Friend Addon: from n/a through <= 1.4.1.
CVE-2025-23595	WordPress Page Health O Meter	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brainpulse Page Health-O-Meter page-health-o-meter allows Reflected XSS.This issue affects Page Health-O-Meter: from n/a through <= 2.0.
CVE-2025-23587	WordPress All In One Login	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashek Al Mahmud all-in-one-box-login all-in-one-login allows Reflected XSS.This issue affects all-in-one-box-login: from n/a through <= 2.0.1.
CVE-2025-23586	WordPress Wp Post Category Notifications	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MAL73049 WP Post Category Notifications wp-post-category-notifications allows Reflected XSS.This issue affects WP Post Category Notifications: from n/a through <= 1.0.
CVE-2025-23585	WordPress Googl Url Shorter	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CantonBolo Goo.gl Url Shorter googl-url-shorter allows Reflected XSS.This issue affects Goo.gl Url Shorter: from n/a through <= 1.0.1.
CVE-2025-23584	WordPress Pin Locations On Map	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arsh91 Pin Locations on Map pin-locations-on-map allows Reflected XSS.This issue affects Pin Locations on Map: from n/a through <= 1.0.
CVE-2025-23576	WordPress Wp Intro Js Tours	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cfuze WP Intro.JS wp-intro-js-tours allows Reflected XSS.This issue affects WP Intro.JS: from n/a through <= 1.1.
CVE-2025-23575	WordPress Dx Sales Crm	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DevriX DX Sales CRM dx-sales-crm allows Reflected XSS.This issue affects DX Sales CRM: from n/a through <= 1.1.
CVE-2025-23570	WordPress Wp Social Links	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mitchell Bundy WP Social Links wp-social-links allows Reflected XSS.This issue affects WP Social Links: from n/a through <= 0.3.1.
CVE-2025-23565	—	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Taylor Wibstats wibstats-statistics-for-wordpress-mu allows Reflected XSS.This issue affects Wibstats: from n/a through <= 0.5.5.
CVE-2025-23564	WordPress Wp Fixtag	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mohsenshahbazi WP FixTag wp-fixtag allows Reflected XSS.This issue affects WP FixTag: from n/a through <= v2.0.2.
CVE-2025-23563	—	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mbyte Explore pages explore-pages allows Reflected XSS.This issue affects Explore pages: from n/a through <= 1.01.
CVE-2025-23556	WordPress Push Envoy	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in netbitsolutions Push Envoy Notifications push-envoy allows Reflected XSS.This issue affects Push Envoy Notifications: from n/a through <= 1.0.0.
CVE-2025-23555	WordPress Ui Slider Filter By Price	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chenyenming Ui Slider Filter By Price ui-slider-filter-by-price allows Reflected XSS.This issue affects Ui Slider Filter By Price: from n/a through <= 1.1.
CVE-2025-23553	WordPress Userbase Access Control	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Cramer Userbase Access Control userbase-access-control allows Reflected XSS.This issue affects Userbase Access Control: from n/a through <= 1.0.
CVE-2025-23552	WordPress Texteller	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yashar Texteller texteller allows Reflected XSS.This issue affects Texteller: from n/a through <= 1.3.0.
CVE-2025-23549	WordPress Maniac Seo	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in agora32 Maniac SEO maniac-seo allows Reflected XSS.This issue affects Maniac SEO: from n/a through <= 2.0.
CVE-2025-23539	WordPress Awesome Hooks	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in surror Awesome Hooks awesome-hooks allows Reflected XSS.This issue affects Awesome Hooks: from n/a through <= 1.0.1.

CVE-2025-23619HigMar 3, 2025
WordPress
Catch Duplicate Switcher
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Catch Themes Catch Duplicate Switcher catch-duplicate-switcher allows Reflected XSS.This issue affects Catch Duplicate Switcher: from n/a through <= 2.0.
CVE-2025-23616HigMar 3, 2025
WordPress
Canalplan Ac
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Canalplan canalplan-ac allows Reflected XSS.This issue affects Canalplan: from n/a through <= 5.31.
CVE-2025-23600HigMar 3, 2025
WordPress
Send Booking Invites To Friends
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pinal.shah Send to a Friend Addon send-booking-invites-to-friends allows Reflected XSS.This issue affects Send to a Friend Addon: from n/a through <= 1.4.1.
CVE-2025-23595HigMar 3, 2025
WordPress
Page Health O Meter
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brainpulse Page Health-O-Meter page-health-o-meter allows Reflected XSS.This issue affects Page Health-O-Meter: from n/a through <= 2.0.
CVE-2025-23587HigMar 3, 2025
WordPress
All In One Login
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashek Al Mahmud all-in-one-box-login all-in-one-login allows Reflected XSS.This issue affects all-in-one-box-login: from n/a through <= 2.0.1.
CVE-2025-23586HigMar 3, 2025
WordPress
Wp Post Category Notifications
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MAL73049 WP Post Category Notifications wp-post-category-notifications allows Reflected XSS.This issue affects WP Post Category Notifications: from n/a through <= 1.0.
CVE-2025-23585HigMar 3, 2025
WordPress
Googl Url Shorter
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CantonBolo Goo.gl Url Shorter googl-url-shorter allows Reflected XSS.This issue affects Goo.gl Url Shorter: from n/a through <= 1.0.1.
CVE-2025-23584HigMar 3, 2025
WordPress
Pin Locations On Map
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arsh91 Pin Locations on Map pin-locations-on-map allows Reflected XSS.This issue affects Pin Locations on Map: from n/a through <= 1.0.
CVE-2025-23576HigMar 3, 2025
WordPress
Wp Intro Js Tours
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cfuze WP Intro.JS wp-intro-js-tours allows Reflected XSS.This issue affects WP Intro.JS: from n/a through <= 1.1.
CVE-2025-23575HigMar 3, 2025
WordPress
Dx Sales Crm
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DevriX DX Sales CRM dx-sales-crm allows Reflected XSS.This issue affects DX Sales CRM: from n/a through <= 1.1.
CVE-2025-23570HigMar 3, 2025
WordPress
Wp Social Links
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mitchell Bundy WP Social Links wp-social-links allows Reflected XSS.This issue affects WP Social Links: from n/a through <= 0.3.1.
CVE-2025-23565HigMar 3, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Taylor Wibstats wibstats-statistics-for-wordpress-mu allows Reflected XSS.This issue affects Wibstats: from n/a through <= 0.5.5.
CVE-2025-23564HigMar 3, 2025
WordPress
Wp Fixtag
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mohsenshahbazi WP FixTag wp-fixtag allows Reflected XSS.This issue affects WP FixTag: from n/a through <= v2.0.2.
CVE-2025-23563HigMar 3, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mbyte Explore pages explore-pages allows Reflected XSS.This issue affects Explore pages: from n/a through <= 1.01.
CVE-2025-23556HigMar 3, 2025
WordPress
Push Envoy
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in netbitsolutions Push Envoy Notifications push-envoy allows Reflected XSS.This issue affects Push Envoy Notifications: from n/a through <= 1.0.0.
CVE-2025-23555HigMar 3, 2025
WordPress
Ui Slider Filter By Price
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chenyenming Ui Slider Filter By Price ui-slider-filter-by-price allows Reflected XSS.This issue affects Ui Slider Filter By Price: from n/a through <= 1.1.
CVE-2025-23553HigMar 3, 2025
WordPress
Userbase Access Control
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Cramer Userbase Access Control userbase-access-control allows Reflected XSS.This issue affects Userbase Access Control: from n/a through <= 1.0.
CVE-2025-23552HigMar 3, 2025
WordPress
Texteller
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yashar Texteller texteller allows Reflected XSS.This issue affects Texteller: from n/a through <= 1.3.0.
CVE-2025-23549HigMar 3, 2025
WordPress
Maniac Seo
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in agora32 Maniac SEO maniac-seo allows Reflected XSS.This issue affects Maniac SEO: from n/a through <= 2.0.
CVE-2025-23539HigMar 3, 2025
WordPress
Awesome Hooks
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in surror Awesome Hooks awesome-hooks allows Reflected XSS.This issue affects Awesome Hooks: from n/a through <= 1.0.1.