CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,297)

page 84 of 965

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-24617	WordPress Acymailing	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Reflected XSS.This issue affects AcyMailing SMTP Newsletter: from n/a through < 9.11.1.
CVE-2025-24616	WordPress Uix Page Builder	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UIUX Lab Uix Page Builder uix-page-builder allows Reflected XSS.This issue affects Uix Page Builder: from n/a through <= 1.7.3.
CVE-2025-24615	WordPress Analytics Cat	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Analytics Cat analytics-cat allows Reflected XSS.This issue affects Analytics Cat: from n/a through <= 1.1.2.
CVE-2025-24614	WordPress Post Timeline	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agile Logix Post Timeline post-timeline allows Reflected XSS.This issue affects Post Timeline: from n/a through <= 2.3.9.
CVE-2025-24592	WordPress Customize My Account For Woocommerce	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SysBasics Customize My Account for WooCommerce customize-my-account-for-woocommerce allows Reflected XSS.This issue affects Customize My Account for WooCommerce: from n/a through <= 2.8.22.
CVE-2025-24566	WordPress Dp Intro Tours	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tomáš Groulík Intro Tour Tutorial DeepPresentation dp-intro-tours allows Reflected XSS.This issue affects Intro Tour Tutorial DeepPresentation: from n/a through <= 6.5.2.
CVE-2025-24565	WordPress Wp2leads	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Reflected XSS.This issue affects WP2LEADS: from n/a through <= 3.3.3.
CVE-2025-24564	WordPress Contact Form With Shortcode	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com Contact Form With Shortcode contact-form-with-shortcode allows Reflected XSS.This issue affects Contact Form With Shortcode: from n/a through <= 4.2.5.
CVE-2025-24558	WordPress Support X	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks support-x allows Reflected XSS.This issue affects CRM Perks: from n/a through <= 1.1.5.
CVE-2025-24554	WordPress Awcode Toolkit	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awcode AWcode Toolkit awcode-toolkit allows Reflected XSS.This issue affects AWcode Toolkit: from n/a through <= 1.0.14.
CVE-2025-23905	WordPress Admin Options Pages	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johannes van Poelgeest Admin Options Pages admin-options-pages allows Reflected XSS.This issue affects Admin Options Pages: from n/a through <= 0.9.7.
CVE-2025-23857	Smartdatasoft Essential Wp Real Estate	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SmartDataSoft Essential WP Real Estate essential-wp-real-estate allows Reflected XSS.This issue affects Essential WP Real Estate: from n/a through <= 1.1.3.
CVE-2025-23853	WordPress Nofollow Free	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in michelem NoFollow Free nofollow-free allows Reflected XSS.This issue affects NoFollow Free: from n/a through <= 1.6.3.
CVE-2025-23851	WordPress Coronavirus Data Widgets	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Khushwant Singh Coronavirus (COVID-19) Outbreak Data Widgets coronavirus-data-widgets allows Reflected XSS.This issue affects Coronavirus (COVID-19) Outbreak Data Widgets: from n/a through <= 1.1.1.
CVE-2025-23790	WordPress Easy Code Placement	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wassereimer Easy Code Placement allows Reflected XSS. This issue affects Easy Code Placement: from n/a through 18.11.
CVE-2025-23789	—	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tahminajannat URL Shortener \| Conversion Tracking \| AB Testing \| WooCommerce easy-broken-link-checker allows Reflected XSS.This issue affects URL Shortener \| Conversion Tracking \| AB Testing \| WooCommerce: from n/a through <= 9.0.2.
CVE-2025-23788	WordPress Easy Filter	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roni Saha Easy Filter easy-filter allows Reflected XSS.This issue affects Easy Filter: from n/a through <= 1.10.
CVE-2025-23787	WordPress Easy Bet	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foxskav Easy Bet easy-bet allows Reflected XSS.This issue affects Easy Bet: from n/a through <= 1.0.7.
CVE-2025-23786	WordPress Email To Download	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DuoGeek Email to Download email-to-download allows Reflected XSS.This issue affects Email to Download: from n/a through <= 3.1.0.
CVE-2025-23751	WordPress Data Dash	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Data Dash data-dash allows Reflected XSS.This issue affects Data Dash: from n/a through <= 1.2.3.

CVE-2025-24617HigFeb 14, 2025
WordPress
Acymailing
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Reflected XSS.This issue affects AcyMailing SMTP Newsletter: from n/a through < 9.11.1.
CVE-2025-24616HigFeb 14, 2025
WordPress
Uix Page Builder
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UIUX Lab Uix Page Builder uix-page-builder allows Reflected XSS.This issue affects Uix Page Builder: from n/a through <= 1.7.3.
CVE-2025-24615HigFeb 14, 2025
WordPress
Analytics Cat
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Analytics Cat analytics-cat allows Reflected XSS.This issue affects Analytics Cat: from n/a through <= 1.1.2.
CVE-2025-24614HigFeb 14, 2025
WordPress
Post Timeline
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agile Logix Post Timeline post-timeline allows Reflected XSS.This issue affects Post Timeline: from n/a through <= 2.3.9.
CVE-2025-24592HigFeb 14, 2025
WordPress
Customize My Account For Woocommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SysBasics Customize My Account for WooCommerce customize-my-account-for-woocommerce allows Reflected XSS.This issue affects Customize My Account for WooCommerce: from n/a through <= 2.8.22.
CVE-2025-24566HigFeb 14, 2025
WordPress
Dp Intro Tours
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tomáš Groulík Intro Tour Tutorial DeepPresentation dp-intro-tours allows Reflected XSS.This issue affects Intro Tour Tutorial DeepPresentation: from n/a through <= 6.5.2.
CVE-2025-24565HigFeb 14, 2025
WordPress
Wp2leads
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Reflected XSS.This issue affects WP2LEADS: from n/a through <= 3.3.3.
CVE-2025-24564HigFeb 14, 2025
WordPress
Contact Form With Shortcode
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com Contact Form With Shortcode contact-form-with-shortcode allows Reflected XSS.This issue affects Contact Form With Shortcode: from n/a through <= 4.2.5.
CVE-2025-24558HigFeb 14, 2025
WordPress
Support X
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks support-x allows Reflected XSS.This issue affects CRM Perks: from n/a through <= 1.1.5.
CVE-2025-24554HigFeb 14, 2025
WordPress
Awcode Toolkit
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awcode AWcode Toolkit awcode-toolkit allows Reflected XSS.This issue affects AWcode Toolkit: from n/a through <= 1.0.14.
CVE-2025-23905HigFeb 14, 2025
WordPress
Admin Options Pages
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johannes van Poelgeest Admin Options Pages admin-options-pages allows Reflected XSS.This issue affects Admin Options Pages: from n/a through <= 0.9.7.
CVE-2025-23857HigFeb 14, 2025
Smartdatasoft
Essential Wp Real Estate
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SmartDataSoft Essential WP Real Estate essential-wp-real-estate allows Reflected XSS.This issue affects Essential WP Real Estate: from n/a through <= 1.1.3.
CVE-2025-23853HigFeb 14, 2025
WordPress
Nofollow Free
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in michelem NoFollow Free nofollow-free allows Reflected XSS.This issue affects NoFollow Free: from n/a through <= 1.6.3.
CVE-2025-23851HigFeb 14, 2025
WordPress
Coronavirus Data Widgets
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Khushwant Singh Coronavirus (COVID-19) Outbreak Data Widgets coronavirus-data-widgets allows Reflected XSS.This issue affects Coronavirus (COVID-19) Outbreak Data Widgets: from n/a through <= 1.1.1.
CVE-2025-23790HigFeb 14, 2025
WordPress
Easy Code Placement
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wassereimer Easy Code Placement allows Reflected XSS. This issue affects Easy Code Placement: from n/a through 18.11.
CVE-2025-23789HigFeb 14, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tahminajannat URL Shortener | Conversion Tracking | AB Testing | WooCommerce easy-broken-link-checker allows Reflected XSS.This issue affects URL Shortener | Conversion Tracking | AB Testing | WooCommerce: from n/a through <= 9.0.2.
CVE-2025-23788HigFeb 14, 2025
WordPress
Easy Filter
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roni Saha Easy Filter easy-filter allows Reflected XSS.This issue affects Easy Filter: from n/a through <= 1.10.
CVE-2025-23787HigFeb 14, 2025
WordPress
Easy Bet
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foxskav Easy Bet easy-bet allows Reflected XSS.This issue affects Easy Bet: from n/a through <= 1.0.7.
CVE-2025-23786HigFeb 14, 2025
WordPress
Email To Download
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DuoGeek Email to Download email-to-download allows Reflected XSS.This issue affects Email to Download: from n/a through <= 3.1.0.
CVE-2025-23751HigFeb 14, 2025
WordPress
Data Dash
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Data Dash data-dash allows Reflected XSS.This issue affects Data Dash: from n/a through <= 1.2.3.