CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,297)

page 85 of 965

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-23750	WordPress Custom Widget Creator	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devbunchuk Custom Widget Creator custom-widget-creator allows Reflected XSS.This issue affects Custom Widget Creator: from n/a through <= 1.0.5.
CVE-2025-23748	WordPress Awesome Gallery Singsys	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Singsys Singsys -Awesome Gallery awesome-gallery-singsys allows Reflected XSS.This issue affects Singsys -Awesome Gallery: from n/a through <= 1.0.
CVE-2025-23742	WordPress Podamibe Twilio Private Call	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podamibe Nepal Podamibe Twilio Private Call podamibe-twilio-private-call allows Reflected XSS.This issue affects Podamibe Twilio Private Call: from n/a through <= 1.0.1.
CVE-2025-23658	WordPress Advanced Angular Contact Form	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tauhidul Alam Advanced Angular Contact Form advanced-angular-contact-form allows Reflected XSS.This issue affects Advanced Angular Contact Form: from n/a through <= 1.1.0.
CVE-2025-23657	WordPress Salesforce Wordpress To Candidate	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RusAlex WordPress-to-candidate for Salesforce CRM salesforce-wordpress-to-candidate allows Reflected XSS.This issue affects WordPress-to-candidate for Salesforce CRM: from n/a through <= 1.0.1.
CVE-2025-23655	WordPress Cf7 Paystack Add On	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in crystalwebpro Contact Form 7 – Paystack Add-on cf7-paystack-add-on allows Reflected XSS.This issue affects Contact Form 7 – Paystack Add-on: from n/a through <= 1.2.3.
CVE-2025-23653	—	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nabeel Tahir Form To Online Booking cf7-calendly-integration allows Reflected XSS.This issue affects Form To Online Booking: from n/a through <= 1.0.
CVE-2025-23652	WordPress Add Custom Content After Post	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fabio Zuanon Add custom content after post add-custom-content-after-post allows Reflected XSS.This issue affects Add custom content after post: from n/a through <= 1.0.
CVE-2025-23651	WordPress Scroll To Top Builder	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in adamskaat Scroll Top scroll-to-top-builder allows Reflected XSS.This issue affects Scroll Top: from n/a through <= 1.3.3.
CVE-2025-23650	WordPress Tidyro	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in razvypp Tidy.ro tidyro allows Reflected XSS.This issue affects Tidy.ro: from n/a through <= 1.3.
CVE-2025-23648	WordPress Adsmiddle	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wjharil AdsMiddle adsmiddle allows Reflected XSS.This issue affects AdsMiddle: from n/a through <= 1.0.
CVE-2025-23647	—	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ariagle WP-Clap wp-clap allows Reflected XSS.This issue affects WP-Clap: from n/a through <= 1.5.
CVE-2025-23646	WordPress Library Instruction Recorder	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt Brooks Library Instruction Recorder library-instruction-recorder allows Reflected XSS.This issue affects Library Instruction Recorder: from n/a through <= 1.1.4.
CVE-2025-23598	WordPress Reciply	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in craig.edmunds@gmail.com Recip.ly reciply allows Reflected XSS.This issue affects Recip.ly: from n/a through <= 1.1.8.
CVE-2025-23571	WordPress Internal Links Generator	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in makong Internal Links Generator internal-links-generator allows Reflected XSS.This issue affects Internal Links Generator: from n/a through <= 3.51.
CVE-2025-23568	WordPress Wp Login Attempt Log	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fredsted WP Login Attempt Log wp-login-attempt-log allows Reflected XSS.This issue affects WP Login Attempt Log: from n/a through <= 1.3.
CVE-2025-23525	WordPress Kv Send Email From Admin	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kvvaradha Kv Compose Email From Dashboard kv-send-email-from-admin allows Reflected XSS.This issue affects Kv Compose Email From Dashboard: from n/a through <= 1.1.
CVE-2025-23523	WordPress Hss Embed Streaming Video	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hoststreamsell HSS Embed Streaming Video hss-embed-streaming-video allows Reflected XSS.This issue affects HSS Embed Streaming Video: from n/a through <= 3.23.
CVE-2025-23492	WordPress Taobaoke	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CantonBolo WordPress 淘宝客插件 taobaoke allows Reflected XSS.This issue affects WordPress 淘宝客插件: from n/a through <= 1.1.2.
CVE-2025-23474	WordPress Live Dashboard	Hig	0.46	7.1	Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mike Martel Live Dashboard live-dashboard allows Reflected XSS.This issue affects Live Dashboard: from n/a through <= 0.3.3.

CVE-2025-23750HigFeb 14, 2025
WordPress
Custom Widget Creator
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devbunchuk Custom Widget Creator custom-widget-creator allows Reflected XSS.This issue affects Custom Widget Creator: from n/a through <= 1.0.5.
CVE-2025-23748HigFeb 14, 2025
WordPress
Awesome Gallery Singsys
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Singsys Singsys -Awesome Gallery awesome-gallery-singsys allows Reflected XSS.This issue affects Singsys -Awesome Gallery: from n/a through <= 1.0.
CVE-2025-23742HigFeb 14, 2025
WordPress
Podamibe Twilio Private Call
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podamibe Nepal Podamibe Twilio Private Call podamibe-twilio-private-call allows Reflected XSS.This issue affects Podamibe Twilio Private Call: from n/a through <= 1.0.1.
CVE-2025-23658HigFeb 14, 2025
WordPress
Advanced Angular Contact Form
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tauhidul Alam Advanced Angular Contact Form advanced-angular-contact-form allows Reflected XSS.This issue affects Advanced Angular Contact Form: from n/a through <= 1.1.0.
CVE-2025-23657HigFeb 14, 2025
WordPress
Salesforce Wordpress To Candidate
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RusAlex WordPress-to-candidate for Salesforce CRM salesforce-wordpress-to-candidate allows Reflected XSS.This issue affects WordPress-to-candidate for Salesforce CRM: from n/a through <= 1.0.1.
CVE-2025-23655HigFeb 14, 2025
WordPress
Cf7 Paystack Add On
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in crystalwebpro Contact Form 7 – Paystack Add-on cf7-paystack-add-on allows Reflected XSS.This issue affects Contact Form 7 – Paystack Add-on: from n/a through <= 1.2.3.
CVE-2025-23653HigFeb 14, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nabeel Tahir Form To Online Booking cf7-calendly-integration allows Reflected XSS.This issue affects Form To Online Booking: from n/a through <= 1.0.
CVE-2025-23652HigFeb 14, 2025
WordPress
Add Custom Content After Post
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fabio Zuanon Add custom content after post add-custom-content-after-post allows Reflected XSS.This issue affects Add custom content after post: from n/a through <= 1.0.
CVE-2025-23651HigFeb 14, 2025
WordPress
Scroll To Top Builder
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in adamskaat Scroll Top scroll-to-top-builder allows Reflected XSS.This issue affects Scroll Top: from n/a through <= 1.3.3.
CVE-2025-23650HigFeb 14, 2025
WordPress
Tidyro
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in razvypp Tidy.ro tidyro allows Reflected XSS.This issue affects Tidy.ro: from n/a through <= 1.3.
CVE-2025-23648HigFeb 14, 2025
WordPress
Adsmiddle
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wjharil AdsMiddle adsmiddle allows Reflected XSS.This issue affects AdsMiddle: from n/a through <= 1.0.
CVE-2025-23647HigFeb 14, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ariagle WP-Clap wp-clap allows Reflected XSS.This issue affects WP-Clap: from n/a through <= 1.5.
CVE-2025-23646HigFeb 14, 2025
WordPress
Library Instruction Recorder
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt Brooks Library Instruction Recorder library-instruction-recorder allows Reflected XSS.This issue affects Library Instruction Recorder: from n/a through <= 1.1.4.
CVE-2025-23598HigFeb 14, 2025
WordPress
Reciply
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in craig.edmunds@gmail.com Recip.ly reciply allows Reflected XSS.This issue affects Recip.ly: from n/a through <= 1.1.8.
CVE-2025-23571HigFeb 14, 2025
WordPress
Internal Links Generator
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in makong Internal Links Generator internal-links-generator allows Reflected XSS.This issue affects Internal Links Generator: from n/a through <= 3.51.
CVE-2025-23568HigFeb 14, 2025
WordPress
Wp Login Attempt Log
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fredsted WP Login Attempt Log wp-login-attempt-log allows Reflected XSS.This issue affects WP Login Attempt Log: from n/a through <= 1.3.
CVE-2025-23525HigFeb 14, 2025
WordPress
Kv Send Email From Admin
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kvvaradha Kv Compose Email From Dashboard kv-send-email-from-admin allows Reflected XSS.This issue affects Kv Compose Email From Dashboard: from n/a through <= 1.1.
CVE-2025-23523HigFeb 14, 2025
WordPress
Hss Embed Streaming Video
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hoststreamsell HSS Embed Streaming Video hss-embed-streaming-video allows Reflected XSS.This issue affects HSS Embed Streaming Video: from n/a through <= 3.23.
CVE-2025-23492HigFeb 14, 2025
WordPress
Taobaoke
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CantonBolo WordPress 淘宝客插件 taobaoke allows Reflected XSS.This issue affects WordPress 淘宝客插件: from n/a through <= 1.1.2.
CVE-2025-23474HigFeb 14, 2025
WordPress
Live Dashboard
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mike Martel Live Dashboard live-dashboard allows Reflected XSS.This issue affects Live Dashboard: from n/a through <= 0.3.3.