CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,297)

page 87 of 965

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-24630	WordPress Sikshya	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MantraBrain Sikshya LMS sikshya allows Reflected XSS.This issue affects Sikshya LMS: from n/a through <= 0.0.21.
CVE-2025-24629	WordPress Gf Excel Import	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpgear Import Excel to Gravity Forms gf-excel-import allows Reflected XSS.This issue affects Import Excel to Gravity Forms: from n/a through <= 1.18.
CVE-2025-24620	WordPress Aio Shortcodes	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hkharpreetkumar1 AIO Shortcodes aio-shortcodes allows Stored XSS.This issue affects AIO Shortcodes: from n/a through <= 1.3.
CVE-2025-24576	WordPress Landing Page Cat	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Landing Page Cat landing-page-cat allows Reflected XSS.This issue affects Landing Page Cat: from n/a through <= 1.7.7.
CVE-2025-24574	WordPress Pepro Bacs Receipt Upload For Woocommerce	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pepro Dev. Group PeproDev WooCommerce Receipt Uploader pepro-bacs-receipt-upload-for-woocommerce allows Reflected XSS.This issue affects PeproDev WooCommerce Receipt Uploader: from n/a through <= 2.6.9.
CVE-2025-24559	Wpmailster Wp Mailster	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster wp-mailster allows Reflected XSS.This issue affects WP Mailster: from n/a through <= 1.8.15.0.
CVE-2025-24557	WordPress Z Inventory Manager	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in plainware PlainInventory z-inventory-manager allows Reflected XSS.This issue affects PlainInventory: from n/a through <= 3.1.5.
CVE-2025-24545	WordPress Bsk Gravity Forms Custom Validation	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bannersky BSK Forms Validation bsk-gravity-forms-custom-validation allows Reflected XSS.This issue affects BSK Forms Validation: from n/a through <= 1.7.
CVE-2025-24544	WordPress Wallets	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dashed-slug.net Bitcoin and Altcoin Wallets wallets allows Reflected XSS.This issue affects Bitcoin and Altcoin Wallets: from n/a through <= 6.3.1.
CVE-2025-24541	WordPress Dk White Label	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dinamiko DK White Label dk-white-label allows Reflected XSS.This issue affects DK White Label: from n/a through <= 1.0.
CVE-2025-24536	WordPress Thrivedesk	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThriveDesk ThriveDesk thrivedesk allows Reflected XSS.This issue affects ThriveDesk: from n/a through <= 2.0.6.
CVE-2025-23984	WordPress Dynamic Url Seo	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brainvireinfo Dynamic URL SEO dynamic-url-seo allows Reflected XSS.This issue affects Dynamic URL SEO: from n/a through <= 1.0.
CVE-2025-23923	WordPress Lockets	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wackey Lockets lockets allows Reflected XSS.This issue affects Lockets: from n/a through <= 0.999.
CVE-2025-23920	WordPress Applicantpro	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sourcing Team ApplicantPro applicantpro allows Reflected XSS.This issue affects ApplicantPro: from n/a through <= 1.3.9.
CVE-2025-23799	WordPress Tube Video Curator	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tubegtld .TUBE Video Curator tube-video-curator allows Reflected XSS.This issue affects .TUBE Video Curator: from n/a through <= 1.1.9.
CVE-2025-23755	WordPress Pafacile	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tosend.it PAFacile pafacile allows Reflected XSS.This issue affects PAFacile: from n/a through <= 2.6.1.
CVE-2025-23685	WordPress Romancart On Wordpress	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebTechGlobal RomanCart romancart-on-wordpress allows Reflected XSS.This issue affects RomanCart: from n/a through <= 0.0.2.
CVE-2025-23614	WordPress Wp Additional Logins	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in niksudan WordPress Additional Logins wp-additional-logins allows Reflected XSS.This issue affects WordPress Additional Logins: from n/a through <= 1.0.0.
CVE-2025-23599	WordPress Emarksheet	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aarvansh Infotech eMarksheet emarksheet allows Reflected XSS.This issue affects eMarksheet: from n/a through <= 5.4.3.
CVE-2025-23594	WordPress Location Piker	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uzzal Mondal Google Map With Fancybox location-piker allows Reflected XSS.This issue affects Google Map With Fancybox: from n/a through <= 2.1.0.

CVE-2025-24630HigFeb 3, 2025
WordPress
Sikshya
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MantraBrain Sikshya LMS sikshya allows Reflected XSS.This issue affects Sikshya LMS: from n/a through <= 0.0.21.
CVE-2025-24629HigFeb 3, 2025
WordPress
Gf Excel Import
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpgear Import Excel to Gravity Forms gf-excel-import allows Reflected XSS.This issue affects Import Excel to Gravity Forms: from n/a through <= 1.18.
CVE-2025-24620HigFeb 3, 2025
WordPress
Aio Shortcodes
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hkharpreetkumar1 AIO Shortcodes aio-shortcodes allows Stored XSS.This issue affects AIO Shortcodes: from n/a through <= 1.3.
CVE-2025-24576HigFeb 3, 2025
WordPress
Landing Page Cat
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Landing Page Cat landing-page-cat allows Reflected XSS.This issue affects Landing Page Cat: from n/a through <= 1.7.7.
CVE-2025-24574HigFeb 3, 2025
WordPress
Pepro Bacs Receipt Upload For Woocommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pepro Dev. Group PeproDev WooCommerce Receipt Uploader pepro-bacs-receipt-upload-for-woocommerce allows Reflected XSS.This issue affects PeproDev WooCommerce Receipt Uploader: from n/a through <= 2.6.9.
CVE-2025-24559HigFeb 3, 2025
Wpmailster
Wp Mailster
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster wp-mailster allows Reflected XSS.This issue affects WP Mailster: from n/a through <= 1.8.15.0.
CVE-2025-24557HigFeb 3, 2025
WordPress
Z Inventory Manager
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in plainware PlainInventory z-inventory-manager allows Reflected XSS.This issue affects PlainInventory: from n/a through <= 3.1.5.
CVE-2025-24545HigFeb 3, 2025
WordPress
Bsk Gravity Forms Custom Validation
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bannersky BSK Forms Validation bsk-gravity-forms-custom-validation allows Reflected XSS.This issue affects BSK Forms Validation: from n/a through <= 1.7.
CVE-2025-24544HigFeb 3, 2025
WordPress
Wallets
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dashed-slug.net Bitcoin and Altcoin Wallets wallets allows Reflected XSS.This issue affects Bitcoin and Altcoin Wallets: from n/a through <= 6.3.1.
CVE-2025-24541HigFeb 3, 2025
WordPress
Dk White Label
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dinamiko DK White Label dk-white-label allows Reflected XSS.This issue affects DK White Label: from n/a through <= 1.0.
CVE-2025-24536HigFeb 3, 2025
WordPress
Thrivedesk
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThriveDesk ThriveDesk thrivedesk allows Reflected XSS.This issue affects ThriveDesk: from n/a through <= 2.0.6.
CVE-2025-23984HigFeb 3, 2025
WordPress
Dynamic Url Seo
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brainvireinfo Dynamic URL SEO dynamic-url-seo allows Reflected XSS.This issue affects Dynamic URL SEO: from n/a through <= 1.0.
CVE-2025-23923HigFeb 3, 2025
WordPress
Lockets
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wackey Lockets lockets allows Reflected XSS.This issue affects Lockets: from n/a through <= 0.999.
CVE-2025-23920HigFeb 3, 2025
WordPress
Applicantpro
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sourcing Team ApplicantPro applicantpro allows Reflected XSS.This issue affects ApplicantPro: from n/a through <= 1.3.9.
CVE-2025-23799HigFeb 3, 2025
WordPress
Tube Video Curator
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tubegtld .TUBE Video Curator tube-video-curator allows Reflected XSS.This issue affects .TUBE Video Curator: from n/a through <= 1.1.9.
CVE-2025-23755HigFeb 3, 2025
WordPress
Pafacile
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tosend.it PAFacile pafacile allows Reflected XSS.This issue affects PAFacile: from n/a through <= 2.6.1.
CVE-2025-23685HigFeb 3, 2025
WordPress
Romancart On Wordpress
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebTechGlobal RomanCart romancart-on-wordpress allows Reflected XSS.This issue affects RomanCart: from n/a through <= 0.0.2.
CVE-2025-23614HigFeb 3, 2025
WordPress
Wp Additional Logins
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in niksudan WordPress Additional Logins wp-additional-logins allows Reflected XSS.This issue affects WordPress Additional Logins: from n/a through <= 1.0.0.
CVE-2025-23599HigFeb 3, 2025
WordPress
Emarksheet
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aarvansh Infotech eMarksheet emarksheet allows Reflected XSS.This issue affects eMarksheet: from n/a through <= 5.4.3.
CVE-2025-23594HigFeb 3, 2025
WordPress
Location Piker
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uzzal Mondal Google Map With Fancybox location-piker allows Reflected XSS.This issue affects Google Map With Fancybox: from n/a through <= 2.1.0.