CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,297)

page 82 of 965

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-23485	WordPress Rs Survey	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in richestsoft RS Survey rs-survey allows Reflected XSS.This issue affects RS Survey: from n/a through <= 1.0.
CVE-2025-23484	WordPress Predict When	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cojecto Predict When predict-when allows Reflected XSS.This issue affects Predict When: from n/a through <= 1.3.
CVE-2025-23482	WordPress Azurecurve Floating Featured Image	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in azurecurve azurecurve Floating Featured Image azurecurve-floating-featured-image allows Reflected XSS.This issue affects azurecurve Floating Featured Image: from n/a through <= 2.2.0.
CVE-2025-23481	WordPress Ni Woocommerce Sales Report Email	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anzar Ahmed Ni WooCommerce Sales Report Email ni-woocommerce-sales-report-email allows Reflected XSS.This issue affects Ni WooCommerce Sales Report Email: from n/a through <= 3.1.4.
CVE-2025-23479	WordPress Melascrivi	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in melascrivi melascrivi melascrivi allows Reflected XSS.This issue affects melascrivi: from n/a through <= 1.4.
CVE-2025-23478	WordPress Photo Video Store	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmsaccount Photo Video Store photo-video-store allows Reflected XSS.This issue affects Photo Video Store: from n/a through <= 21.07.
CVE-2025-23473	WordPress Killer Theme Options	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Punit Bhalodiya Killer Theme Options killer-theme-options allows Reflected XSS.This issue affects Killer Theme Options: from n/a through <= 2.0.
CVE-2025-23472	WordPress Flexo Slider	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flexostudio Flexo Slider flexo-slider allows Reflected XSS.This issue affects Flexo Slider: from n/a through <= 1.0013.
CVE-2025-23468	WordPress Essay Wizard Wpcres	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wrenchpilot Essay Wizard (wpCRES) essay-wizard-wpcres allows Reflected XSS.This issue affects Essay Wizard (wpCRES): from n/a through <= 1.0.6.4.
CVE-2025-23465	WordPress Vampire Character	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in magent Vampire Character Manager vampire-character allows Reflected XSS.This issue affects Vampire Character Manager: from n/a through <= 2.13.
CVE-2025-23464	WordPress Twitter News Feed	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Keir Whitaker Twitter News Feed twitter-news-feed allows Reflected XSS.This issue affects Twitter News Feed: from n/a through <= 1.1.1.
CVE-2025-23451	WordPress Awesome Twitter Feeds	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in titodevera Awesome Twitter Feeds awesome-twitter-feeds allows Reflected XSS.This issue affects Awesome Twitter Feeds: from n/a through <= 1.0.
CVE-2025-23450	WordPress Aw Woocommerce Kode Pembayaran	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in agenwebsite AW WooCommerce Kode Pembayaran aw-woocommerce-kode-pembayaran allows Reflected XSS.This issue affects AW WooCommerce Kode Pembayaran: from n/a through <= 1.1.4.
CVE-2025-23447	WordPress Smooth Dynamic Slider	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kundan Yevale Smooth Dynamic Slider smooth-dynamic-slider allows Reflected XSS.This issue affects Smooth Dynamic Slider: from n/a through <= 1.0.
CVE-2025-23441	WordPress Attach Gallery Posts	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dkukral Attach Gallery Posts attach-gallery-posts allows Reflected XSS.This issue affects Attach Gallery Posts: from n/a through <= 1.6.
CVE-2025-23439	WordPress Tinymce Extended Config	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in willshouse TinyMCE Extended Config tinymce-extended-config allows Reflected XSS.This issue affects TinyMCE Extended Config: from n/a through <= 0.1.0.
CVE-2025-23437	WordPress Header Images Rotator	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nord_tramper ntp-header-images header-images-rotator allows Reflected XSS.This issue affects ntp-header-images: from n/a through <= 1.2.
CVE-2025-23433	WordPress Vcos	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jnwry vcOS vcos allows Reflected XSS.This issue affects vcOS: from n/a through <= 1.4.0.
CVE-2025-23425	WordPress Marekkis Watermark	Hig	0.46	7.1	Mar 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in marekki Marekkis Watermark marekkis-watermark allows Reflected XSS.This issue affects Marekkis Watermark: from n/a through <= 0.9.4.
CVE-2025-23687	WordPress Woo Store Mode	Hig	0.46	7.1	Feb 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in simonhunter Woo Store Mode woo-store-mode allows Reflected XSS.This issue affects Woo Store Mode: from n/a through <= 1.0.1.

CVE-2025-23485HigMar 3, 2025
WordPress
Rs Survey
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in richestsoft RS Survey rs-survey allows Reflected XSS.This issue affects RS Survey: from n/a through <= 1.0.
CVE-2025-23484HigMar 3, 2025
WordPress
Predict When
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cojecto Predict When predict-when allows Reflected XSS.This issue affects Predict When: from n/a through <= 1.3.
CVE-2025-23482HigMar 3, 2025
WordPress
Azurecurve Floating Featured Image
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in azurecurve azurecurve Floating Featured Image azurecurve-floating-featured-image allows Reflected XSS.This issue affects azurecurve Floating Featured Image: from n/a through <= 2.2.0.
CVE-2025-23481HigMar 3, 2025
WordPress
Ni Woocommerce Sales Report Email
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anzar Ahmed Ni WooCommerce Sales Report Email ni-woocommerce-sales-report-email allows Reflected XSS.This issue affects Ni WooCommerce Sales Report Email: from n/a through <= 3.1.4.
CVE-2025-23479HigMar 3, 2025
WordPress
Melascrivi
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in melascrivi melascrivi melascrivi allows Reflected XSS.This issue affects melascrivi: from n/a through <= 1.4.
CVE-2025-23478HigMar 3, 2025
WordPress
Photo Video Store
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmsaccount Photo Video Store photo-video-store allows Reflected XSS.This issue affects Photo Video Store: from n/a through <= 21.07.
CVE-2025-23473HigMar 3, 2025
WordPress
Killer Theme Options
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Punit Bhalodiya Killer Theme Options killer-theme-options allows Reflected XSS.This issue affects Killer Theme Options: from n/a through <= 2.0.
CVE-2025-23472HigMar 3, 2025
WordPress
Flexo Slider
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flexostudio Flexo Slider flexo-slider allows Reflected XSS.This issue affects Flexo Slider: from n/a through <= 1.0013.
CVE-2025-23468HigMar 3, 2025
WordPress
Essay Wizard Wpcres
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wrenchpilot Essay Wizard (wpCRES) essay-wizard-wpcres allows Reflected XSS.This issue affects Essay Wizard (wpCRES): from n/a through <= 1.0.6.4.
CVE-2025-23465HigMar 3, 2025
WordPress
Vampire Character
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in magent Vampire Character Manager vampire-character allows Reflected XSS.This issue affects Vampire Character Manager: from n/a through <= 2.13.
CVE-2025-23464HigMar 3, 2025
WordPress
Twitter News Feed
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Keir Whitaker Twitter News Feed twitter-news-feed allows Reflected XSS.This issue affects Twitter News Feed: from n/a through <= 1.1.1.
CVE-2025-23451HigMar 3, 2025
WordPress
Awesome Twitter Feeds
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in titodevera Awesome Twitter Feeds awesome-twitter-feeds allows Reflected XSS.This issue affects Awesome Twitter Feeds: from n/a through <= 1.0.
CVE-2025-23450HigMar 3, 2025
WordPress
Aw Woocommerce Kode Pembayaran
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in agenwebsite AW WooCommerce Kode Pembayaran aw-woocommerce-kode-pembayaran allows Reflected XSS.This issue affects AW WooCommerce Kode Pembayaran: from n/a through <= 1.1.4.
CVE-2025-23447HigMar 3, 2025
WordPress
Smooth Dynamic Slider
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kundan Yevale Smooth Dynamic Slider smooth-dynamic-slider allows Reflected XSS.This issue affects Smooth Dynamic Slider: from n/a through <= 1.0.
CVE-2025-23441HigMar 3, 2025
WordPress
Attach Gallery Posts
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dkukral Attach Gallery Posts attach-gallery-posts allows Reflected XSS.This issue affects Attach Gallery Posts: from n/a through <= 1.6.
CVE-2025-23439HigMar 3, 2025
WordPress
Tinymce Extended Config
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in willshouse TinyMCE Extended Config tinymce-extended-config allows Reflected XSS.This issue affects TinyMCE Extended Config: from n/a through <= 0.1.0.
CVE-2025-23437HigMar 3, 2025
WordPress
Header Images Rotator
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nord_tramper ntp-header-images header-images-rotator allows Reflected XSS.This issue affects ntp-header-images: from n/a through <= 1.2.
CVE-2025-23433HigMar 3, 2025
WordPress
Vcos
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jnwry vcOS vcos allows Reflected XSS.This issue affects vcOS: from n/a through <= 1.4.0.
CVE-2025-23425HigMar 3, 2025
WordPress
Marekkis Watermark
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in marekki Marekkis Watermark marekkis-watermark allows Reflected XSS.This issue affects Marekkis Watermark: from n/a through <= 0.9.4.
CVE-2025-23687HigFeb 27, 2025
WordPress
Woo Store Mode
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in simonhunter Woo Store Mode woo-store-mode allows Reflected XSS.This issue affects Woo Store Mode: from n/a through <= 1.0.1.