CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,297)

page 81 of 965

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-23552	WordPress Texteller	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yashar Texteller texteller allows Reflected XSS.This issue affects Texteller: from n/a through <= 1.3.0.
CVE-2025-23549	WordPress Maniac Seo	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in agora32 Maniac SEO maniac-seo allows Reflected XSS.This issue affects Maniac SEO: from n/a through <= 2.0.
CVE-2025-23539	WordPress Awesome Hooks	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in surror Awesome Hooks awesome-hooks allows Reflected XSS.This issue affects Awesome Hooks: from n/a through <= 1.0.1.
CVE-2025-23538	WordPress Wp Contest	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sophia M Williams WP Contest wp-contest allows Reflected XSS.This issue affects WP Contest: from n/a through <= 1.0.0.
CVE-2025-23536	WordPress Track Page Scroll	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 Track Page Scroll track-page-scroll allows Reflected XSS.This issue affects Track Page Scroll: from n/a through <= 1.0.2.
CVE-2025-23526	Swiftcloud Swift Calendar Online Appointment Scheduling	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SwiftCloud Swift Calendar Online Appointment Scheduling online-appointment-scheduling-software allows Reflected XSS.This issue affects Swift Calendar Online Appointment Scheduling: from n/a through <= 1.3.3.
CVE-2025-23524	—	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dactum ClickBank Storefront mycbgenie-clickbank-storefront allows Reflected XSS.This issue affects ClickBank Storefront: from n/a through <= 1.7.
CVE-2025-23521	WordPress Goodlayers Blocks	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Goodlayers Blocks goodlayers-blocks allows Reflected XSS.This issue affects Goodlayers Blocks: from n/a through <= 1.0.1.
CVE-2025-23520	WordPress Heartland Management Terminal	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SecureSubmit Heartland Management Terminal allows Reflected XSS. This issue affects Heartland Management Terminal: from n/a through 1.3.0.
CVE-2025-23519	WordPress Gwebpro Store Locator	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jas Saran G Web Pro Store Locator gwebpro-store-locator allows Reflected XSS.This issue affects G Web Pro Store Locator: from n/a through <= 2.0.1.
CVE-2025-23518	WordPress Googlemapper 2	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mrsaucier GoogleMapper googlemapper-2 allows Reflected XSS.This issue affects GoogleMapper: from n/a through <= 2.0.3.
CVE-2025-23517	WordPress Google Map On Postpage	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sunil chaulagain Google Map on Post/Page google-map-on-postpage allows Reflected XSS.This issue affects Google Map on Post/Page: from n/a through <= 1.1.
CVE-2025-23516	WordPress Sell With Razorpay	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brainvireinfo Sale with Razorpay sell-with-razorpay allows Reflected XSS.This issue affects Sale with Razorpay: from n/a through <= 1.0.
CVE-2025-23505	WordPress Pit Login Welcome	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pantho Bihosh Pit Login Welcome pit-login-welcome allows Reflected XSS.This issue affects Pit Login Welcome: from n/a through <= 1.1.5.
CVE-2025-23496	WordPress Wp Fpo	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in husani WP FPO wp-fpo allows Reflected XSS.This issue affects WP FPO: from n/a through <= 1.0.
CVE-2025-23494	WordPress Quizzin	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in binnyva Quizzin quizzin allows Reflected XSS.This issue affects Quizzin: from n/a through <= 1.01.4.
CVE-2025-23493	WordPress Google Transliteration	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moallemi Google Transliteration google-transliteration allows Reflected XSS.This issue affects Google Transliteration: from n/a through <= 1.7.2.
CVE-2025-23490	—	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Stursberg Browser-Update-Notify browser-update-notify allows Reflected XSS.This issue affects Browser-Update-Notify: from n/a through <= 0.2.1.
CVE-2025-23488	WordPress Rng Refresh	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Abolfazl Sabagh rng-refresh rng-refresh allows Reflected XSS.This issue affects rng-refresh: from n/a through <= 1.0.
CVE-2025-23487	WordPress Simple Gallery Odihost	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in odihost Easy Gallery simple-gallery-odihost allows Reflected XSS.This issue affects Easy Gallery: from n/a through <= 1.4.

CVE-2025-23552HigMar 3, 2025
WordPress
Texteller
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yashar Texteller texteller allows Reflected XSS.This issue affects Texteller: from n/a through <= 1.3.0.
CVE-2025-23549HigMar 3, 2025
WordPress
Maniac Seo
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in agora32 Maniac SEO maniac-seo allows Reflected XSS.This issue affects Maniac SEO: from n/a through <= 2.0.
CVE-2025-23539HigMar 3, 2025
WordPress
Awesome Hooks
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in surror Awesome Hooks awesome-hooks allows Reflected XSS.This issue affects Awesome Hooks: from n/a through <= 1.0.1.
CVE-2025-23538HigMar 3, 2025
WordPress
Wp Contest
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sophia M Williams WP Contest wp-contest allows Reflected XSS.This issue affects WP Contest: from n/a through <= 1.0.0.
CVE-2025-23536HigMar 3, 2025
WordPress
Track Page Scroll
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 Track Page Scroll track-page-scroll allows Reflected XSS.This issue affects Track Page Scroll: from n/a through <= 1.0.2.
CVE-2025-23526HigMar 3, 2025
Swiftcloud
Swift Calendar Online Appointment Scheduling
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SwiftCloud Swift Calendar Online Appointment Scheduling online-appointment-scheduling-software allows Reflected XSS.This issue affects Swift Calendar Online Appointment Scheduling: from n/a through <= 1.3.3.
CVE-2025-23524HigMar 3, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dactum ClickBank Storefront mycbgenie-clickbank-storefront allows Reflected XSS.This issue affects ClickBank Storefront: from n/a through <= 1.7.
CVE-2025-23521HigMar 3, 2025
WordPress
Goodlayers Blocks
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Goodlayers Blocks goodlayers-blocks allows Reflected XSS.This issue affects Goodlayers Blocks: from n/a through <= 1.0.1.
CVE-2025-23520HigMar 3, 2025
WordPress
Heartland Management Terminal
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SecureSubmit Heartland Management Terminal allows Reflected XSS. This issue affects Heartland Management Terminal: from n/a through 1.3.0.
CVE-2025-23519HigMar 3, 2025
WordPress
Gwebpro Store Locator
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jas Saran G Web Pro Store Locator gwebpro-store-locator allows Reflected XSS.This issue affects G Web Pro Store Locator: from n/a through <= 2.0.1.
CVE-2025-23518HigMar 3, 2025
WordPress
Googlemapper 2
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mrsaucier GoogleMapper googlemapper-2 allows Reflected XSS.This issue affects GoogleMapper: from n/a through <= 2.0.3.
CVE-2025-23517HigMar 3, 2025
WordPress
Google Map On Postpage
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sunil chaulagain Google Map on Post/Page google-map-on-postpage allows Reflected XSS.This issue affects Google Map on Post/Page: from n/a through <= 1.1.
CVE-2025-23516HigMar 3, 2025
WordPress
Sell With Razorpay
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brainvireinfo Sale with Razorpay sell-with-razorpay allows Reflected XSS.This issue affects Sale with Razorpay: from n/a through <= 1.0.
CVE-2025-23505HigMar 3, 2025
WordPress
Pit Login Welcome
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pantho Bihosh Pit Login Welcome pit-login-welcome allows Reflected XSS.This issue affects Pit Login Welcome: from n/a through <= 1.1.5.
CVE-2025-23496HigMar 3, 2025
WordPress
Wp Fpo
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in husani WP FPO wp-fpo allows Reflected XSS.This issue affects WP FPO: from n/a through <= 1.0.
CVE-2025-23494HigMar 3, 2025
WordPress
Quizzin
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in binnyva Quizzin quizzin allows Reflected XSS.This issue affects Quizzin: from n/a through <= 1.01.4.
CVE-2025-23493HigMar 3, 2025
WordPress
Google Transliteration
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moallemi Google Transliteration google-transliteration allows Reflected XSS.This issue affects Google Transliteration: from n/a through <= 1.7.2.
CVE-2025-23490HigMar 3, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Stursberg Browser-Update-Notify browser-update-notify allows Reflected XSS.This issue affects Browser-Update-Notify: from n/a through <= 0.2.1.
CVE-2025-23488HigMar 3, 2025
WordPress
Rng Refresh
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Abolfazl Sabagh rng-refresh rng-refresh allows Reflected XSS.This issue affects rng-refresh: from n/a through <= 1.0.
CVE-2025-23487HigMar 3, 2025
WordPress
Simple Gallery Odihost
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in odihost Easy Gallery simple-gallery-odihost allows Reflected XSS.This issue affects Easy Gallery: from n/a through <= 1.4.