CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,297)

page 88 of 965

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-23593	WordPress Emailpress	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kvvaradha EmailPress emailpress allows Reflected XSS.This issue affects EmailPress: from n/a through <= 1.0.
CVE-2025-23591	WordPress Blu Logistics	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blulogistics1 blu Logistics blu-logistics allows Reflected XSS.This issue affects blu Logistics: from n/a through <= 1.0.0.
CVE-2025-23590	WordPress Dezdy Mcommerce	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dezdy.com Dezdy dezdy-mcommerce allows Reflected XSS.This issue affects Dezdy: from n/a through <= 1.0.
CVE-2025-23588	WordPress Best Css Compiler	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in baonguyenyam WOW Best CSS Compiler best-css-compiler allows Reflected XSS.This issue affects WOW Best CSS Compiler: from n/a through <= 2.0.2.
CVE-2025-23582	WordPress Bulk Categories Assign	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Haider Ali Bulk Categories Assign bulk-categories-assign allows Reflected XSS.This issue affects Bulk Categories Assign: from n/a through <= 1.0.
CVE-2025-23491	WordPress Vstemplate Creator	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikash Srivastava VSTEMPLATE Creator vstemplate-creator allows Reflected XSS.This issue affects VSTEMPLATE Creator: from n/a through <= 2.0.2.
CVE-2025-22775	WordPress Intelligent Importer	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in idiatech Catalog Importer, Scraper & Crawler intelligent-importer allows Reflected XSS.This issue affects Catalog Importer, Scraper & Crawler: from n/a through <= 5.1.3.
CVE-2025-22704	WordPress Wordpress Signature	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Abinav Thakuri WordPress Signature wordpress-signature allows Reflected XSS.This issue affects WordPress Signature: from n/a through <= 0.1.
CVE-2025-22684	WordPress Wp Base Booking Of Appointments Services And Events	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hakan Ozevin WP BASE Booking wp-base-booking-of-appointments-services-and-events allows Stored XSS.This issue affects WP BASE Booking: from n/a through <= 5.0.0.
CVE-2025-22682	WordPress Hesabfa Accounting	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saeed Sattar Beglou Hesabfa Accounting hesabfa-accounting allows Reflected XSS.This issue affects Hesabfa Accounting: from n/a through <= 2.1.2.
CVE-2025-22679	—	Hig	0.46	7.1	Feb 3, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Job Board Manager job-board-manager allows Reflected XSS.This issue affects Job Board Manager: from n/a through <= 2.1.61.
CVE-2025-24718	WordPress Activitytime	Hig	0.46	7.1	Jan 31, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows Reflected XSS.This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through <= 1.1.1.
CVE-2025-24710	WordPress Gwolle Gb	Hig	0.46	7.1	Jan 31, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcel Pol Gwolle Guestbook gwolle-gb allows Reflected XSS.This issue affects Gwolle Guestbook: from n/a through <= 4.7.1.
CVE-2025-24686	Metagauss Registrationmagic	Hig	0.46	7.1	Jan 31, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Reflected XSS.This issue affects RegistrationMagic: from n/a through <= 6.0.3.3.
CVE-2025-24635	WordPress Paytm Donation	Hig	0.46	7.1	Jan 31, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in integrationdevpaytm Paytm Payment Donation paytm-donation allows Reflected XSS.This issue affects Paytm Payment Donation: from n/a through <= 2.3.1.
CVE-2025-24632	WordPress Advanced Dynamic Pricing For Woocommerce	Hig	0.46	7.1	Jan 31, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in algol.plus Advanced Dynamic Pricing for WooCommerce advanced-dynamic-pricing-for-woocommerce allows Reflected XSS.This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through <= 4.9.0.
CVE-2025-24609	WordPress Iamport For Woocommerce	Hig	0.46	7.1	Jan 31, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PORTONE PORTONE 우커머스 결제 iamport-for-woocommerce allows Reflected XSS.This issue affects PORTONE 우커머스 결제: from n/a through <= 3.2.4.
CVE-2025-24608	WordPress Gd Mail Queue	Hig	0.46	7.1	Jan 31, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD Mail Queue gd-mail-queue allows Reflected XSS.This issue affects GD Mail Queue: from n/a through <= 4.3.
CVE-2025-24563	WordPress Cleanup Light	Hig	0.46	7.1	Jan 31, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeglow Cleanup – Directory Listing & Classifieds WordPress Plugin cleanup-light allows Reflected XSS.This issue affects Cleanup – Directory Listing & Classifieds WordPress Plugin: from n/a through <= 1.0.4.
CVE-2025-24560	WordPress Awesome Event Booking	Hig	0.46	7.1	Jan 31, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AwesomeTOGI Awesome Event Booking awesome-event-booking allows Reflected XSS.This issue affects Awesome Event Booking: from n/a through <= 2.7.1.

CVE-2025-23593HigFeb 3, 2025
WordPress
Emailpress
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kvvaradha EmailPress emailpress allows Reflected XSS.This issue affects EmailPress: from n/a through <= 1.0.
CVE-2025-23591HigFeb 3, 2025
WordPress
Blu Logistics
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blulogistics1 blu Logistics blu-logistics allows Reflected XSS.This issue affects blu Logistics: from n/a through <= 1.0.0.
CVE-2025-23590HigFeb 3, 2025
WordPress
Dezdy Mcommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dezdy.com Dezdy dezdy-mcommerce allows Reflected XSS.This issue affects Dezdy: from n/a through <= 1.0.
CVE-2025-23588HigFeb 3, 2025
WordPress
Best Css Compiler
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in baonguyenyam WOW Best CSS Compiler best-css-compiler allows Reflected XSS.This issue affects WOW Best CSS Compiler: from n/a through <= 2.0.2.
CVE-2025-23582HigFeb 3, 2025
WordPress
Bulk Categories Assign
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Haider Ali Bulk Categories Assign bulk-categories-assign allows Reflected XSS.This issue affects Bulk Categories Assign: from n/a through <= 1.0.
CVE-2025-23491HigFeb 3, 2025
WordPress
Vstemplate Creator
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikash Srivastava VSTEMPLATE Creator vstemplate-creator allows Reflected XSS.This issue affects VSTEMPLATE Creator: from n/a through <= 2.0.2.
CVE-2025-22775HigFeb 3, 2025
WordPress
Intelligent Importer
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in idiatech Catalog Importer, Scraper & Crawler intelligent-importer allows Reflected XSS.This issue affects Catalog Importer, Scraper & Crawler: from n/a through <= 5.1.3.
CVE-2025-22704HigFeb 3, 2025
WordPress
Wordpress Signature
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Abinav Thakuri WordPress Signature wordpress-signature allows Reflected XSS.This issue affects WordPress Signature: from n/a through <= 0.1.
CVE-2025-22684HigFeb 3, 2025
WordPress
Wp Base Booking Of Appointments Services And Events
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hakan Ozevin WP BASE Booking wp-base-booking-of-appointments-services-and-events allows Stored XSS.This issue affects WP BASE Booking: from n/a through <= 5.0.0.
CVE-2025-22682HigFeb 3, 2025
WordPress
Hesabfa Accounting
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saeed Sattar Beglou Hesabfa Accounting hesabfa-accounting allows Reflected XSS.This issue affects Hesabfa Accounting: from n/a through <= 2.1.2.
CVE-2025-22679HigFeb 3, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Job Board Manager job-board-manager allows Reflected XSS.This issue affects Job Board Manager: from n/a through <= 2.1.61.
CVE-2025-24718HigJan 31, 2025
WordPress
Activitytime
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows Reflected XSS.This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through <= 1.1.1.
CVE-2025-24710HigJan 31, 2025
WordPress
Gwolle Gb
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcel Pol Gwolle Guestbook gwolle-gb allows Reflected XSS.This issue affects Gwolle Guestbook: from n/a through <= 4.7.1.
CVE-2025-24686HigJan 31, 2025
Metagauss
Registrationmagic
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Reflected XSS.This issue affects RegistrationMagic: from n/a through <= 6.0.3.3.
CVE-2025-24635HigJan 31, 2025
WordPress
Paytm Donation
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in integrationdevpaytm Paytm Payment Donation paytm-donation allows Reflected XSS.This issue affects Paytm Payment Donation: from n/a through <= 2.3.1.
CVE-2025-24632HigJan 31, 2025
WordPress
Advanced Dynamic Pricing For Woocommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in algol.plus Advanced Dynamic Pricing for WooCommerce advanced-dynamic-pricing-for-woocommerce allows Reflected XSS.This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through <= 4.9.0.
CVE-2025-24609HigJan 31, 2025
WordPress
Iamport For Woocommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PORTONE PORTONE 우커머스 결제 iamport-for-woocommerce allows Reflected XSS.This issue affects PORTONE 우커머스 결제: from n/a through <= 3.2.4.
CVE-2025-24608HigJan 31, 2025
WordPress
Gd Mail Queue
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD Mail Queue gd-mail-queue allows Reflected XSS.This issue affects GD Mail Queue: from n/a through <= 4.3.
CVE-2025-24563HigJan 31, 2025
WordPress
Cleanup Light
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeglow Cleanup – Directory Listing & Classifieds WordPress Plugin cleanup-light allows Reflected XSS.This issue affects Cleanup – Directory Listing & Classifieds WordPress Plugin: from n/a through <= 1.0.4.
CVE-2025-24560HigJan 31, 2025
WordPress
Awesome Event Booking
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AwesomeTOGI Awesome Event Booking awesome-event-booking allows Reflected XSS.This issue affects Awesome Event Booking: from n/a through <= 2.7.1.