CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,297)

page 89 of 965

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-24551	WordPress Variations Radio Buttons For Woocommerce	Hig	0.46	7.1	Jan 31, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oneteamsoftware Radio Buttons and Swatches for WooCommerce variations-radio-buttons-for-woocommerce allows Reflected XSS.This issue affects Radio Buttons and Swatches for WooCommerce: from n/a through <= 1.1.20.
CVE-2025-24535	WordPress Skt Donation	Hig	0.46	7.1	Jan 31, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Donation skt-donation allows Reflected XSS.This issue affects SKT Donation: from n/a through <= 1.9.
CVE-2025-24534	WordPress Dportfolio	Hig	0.46	7.1	Jan 31, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dinamiko DPortfolio dportfolio allows Reflected XSS.This issue affects DPortfolio: from n/a through <= 2.0.
CVE-2025-23759	WordPress Affiliate Tools Viet Nam	Hig	0.46	7.1	Jan 31, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gavin Affiliate Tools Việt Nam affiliate-tools-viet-nam allows Reflected XSS.This issue affects Affiliate Tools Việt Nam: from n/a through <= 0.3.17.
CVE-2025-23671	WordPress Wp Opensearch	Hig	0.46	7.1	Jan 31, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sav WP OpenSearch wp-opensearch allows Stored XSS.This issue affects WP OpenSearch: from n/a through <= 1.0.
CVE-2025-23596	WordPress Notifikacie Sk	Hig	0.46	7.1	Jan 31, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in grafeon Notifikácie.sk notifikacie-sk allows Reflected XSS.This issue affects Notifikácie.sk: from n/a through <= 1.0.
CVE-2025-22564	WordPress Pretty Url	Hig	0.46	7.1	Jan 31, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in faaiq Pretty Url pretty-url allows Reflected XSS.This issue affects Pretty Url: from n/a through <= 1.5.4.
CVE-2025-22341	WordPress Hide Login	Hig	0.46	7.1	Jan 31, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in parswp Hide Login+ hide-login allows Reflected XSS.This issue affects Hide Login+: from n/a through <= 3.5.1.
CVE-2025-22332	WordPress Cloudflare Cache Purge	Hig	0.46	7.1	Jan 31, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shanaver CloudFlare(R) Cache Purge cloudflare-cache-purge allows Reflected XSS.This issue affects CloudFlare(R) Cache Purge: from n/a through <= 1.2.
CVE-2025-24708	WordPress Cf7 Dynamics Crm	Hig	0.46	7.1	Jan 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-dynamics-crm allows Reflected XSS.This issue affects WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms: from n/a through <= 1.1.6.
CVE-2025-24680	Wpexperts Wp Multi Store Locator	Hig	0.46	7.1	Jan 27, 2025	Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows Reflected XSS.This issue affects WP Multistore Locator: from n/a through <= 2.4.7.
CVE-2025-24626	WordPress Music Store	Hig	0.46	7.1	Jan 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Music Store music-store allows Reflected XSS.This issue affects Music Store: from n/a through <= 1.1.19.
CVE-2025-24593	Wisdmlabs Edwiser Bridge	Hig	0.46	7.1	Jan 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Reflected XSS.This issue affects Edwiser Bridge: from n/a through <= 3.0.8.
CVE-2025-23756	WordPress Lawpress	Hig	0.46	7.1	Jan 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ivanchernyakov LawPress – Law Firm Website Management lawpress allows Reflected XSS.This issue affects LawPress – Law Firm Website Management: from n/a through <= 1.4.5.
CVE-2025-23754	WordPress The Loops	Hig	0.46	7.1	Jan 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ulrich Sossou The Loops the-loops allows Reflected XSS.This issue affects The Loops: from n/a through <= 1.0.2.
CVE-2025-23752	WordPress Shopp Arrange	Hig	0.46	7.1	Jan 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Clifton Griffin CGD Arrange Terms shopp-arrange allows Reflected XSS.This issue affects CGD Arrange Terms: from n/a through <= 1.1.3.
CVE-2025-23574	WordPress Cubepm	Hig	0.46	7.1	Jan 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Lau CubePM cubepm allows Reflected XSS.This issue affects CubePM: from n/a through <= 1.0.
CVE-2025-23531	WordPress Rsvpmaker Volunteer Roles	Hig	0.46	7.1	Jan 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in davidfcarr RSVPMaker Volunteer Roles rsvpmaker-volunteer-roles allows Reflected XSS.This issue affects RSVPMaker Volunteer Roles: from n/a through <= 1.5.1.
CVE-2025-23792	—	Hig	0.46	7.1	Jan 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Busters Passwordless WP – Login with your glance or fingerprint passwordless-wp allows Reflected XSS.This issue affects Passwordless WP – Login with your glance or fingerprint: from n/a through <= 1.1.6.
CVE-2025-23457	WordPress Shipdeo Woo	Hig	0.46	7.1	Jan 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shipdeoplugin Shipdeo shipdeo-woo allows Reflected XSS.This issue affects Shipdeo: from n/a through <= 1.2.8.

CVE-2025-24551HigJan 31, 2025
WordPress
Variations Radio Buttons For Woocommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oneteamsoftware Radio Buttons and Swatches for WooCommerce variations-radio-buttons-for-woocommerce allows Reflected XSS.This issue affects Radio Buttons and Swatches for WooCommerce: from n/a through <= 1.1.20.
CVE-2025-24535HigJan 31, 2025
WordPress
Skt Donation
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Donation skt-donation allows Reflected XSS.This issue affects SKT Donation: from n/a through <= 1.9.
CVE-2025-24534HigJan 31, 2025
WordPress
Dportfolio
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dinamiko DPortfolio dportfolio allows Reflected XSS.This issue affects DPortfolio: from n/a through <= 2.0.
CVE-2025-23759HigJan 31, 2025
WordPress
Affiliate Tools Viet Nam
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gavin Affiliate Tools Việt Nam affiliate-tools-viet-nam allows Reflected XSS.This issue affects Affiliate Tools Việt Nam: from n/a through <= 0.3.17.
CVE-2025-23671HigJan 31, 2025
WordPress
Wp Opensearch
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sav WP OpenSearch wp-opensearch allows Stored XSS.This issue affects WP OpenSearch: from n/a through <= 1.0.
CVE-2025-23596HigJan 31, 2025
WordPress
Notifikacie Sk
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in grafeon Notifikácie.sk notifikacie-sk allows Reflected XSS.This issue affects Notifikácie.sk: from n/a through <= 1.0.
CVE-2025-22564HigJan 31, 2025
WordPress
Pretty Url
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in faaiq Pretty Url pretty-url allows Reflected XSS.This issue affects Pretty Url: from n/a through <= 1.5.4.
CVE-2025-22341HigJan 31, 2025
WordPress
Hide Login
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in parswp Hide Login+ hide-login allows Reflected XSS.This issue affects Hide Login+: from n/a through <= 3.5.1.
CVE-2025-22332HigJan 31, 2025
WordPress
Cloudflare Cache Purge
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shanaver CloudFlare(R) Cache Purge cloudflare-cache-purge allows Reflected XSS.This issue affects CloudFlare(R) Cache Purge: from n/a through <= 1.2.
CVE-2025-24708HigJan 27, 2025
WordPress
Cf7 Dynamics Crm
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-dynamics-crm allows Reflected XSS.This issue affects WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms: from n/a through <= 1.1.6.
CVE-2025-24680HigJan 27, 2025
Wpexperts
Wp Multi Store Locator
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows Reflected XSS.This issue affects WP Multistore Locator: from n/a through <= 2.4.7.
CVE-2025-24626HigJan 27, 2025
WordPress
Music Store
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Music Store music-store allows Reflected XSS.This issue affects Music Store: from n/a through <= 1.1.19.
CVE-2025-24593HigJan 27, 2025
Wisdmlabs
Edwiser Bridge
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Reflected XSS.This issue affects Edwiser Bridge: from n/a through <= 3.0.8.
CVE-2025-23756HigJan 27, 2025
WordPress
Lawpress
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ivanchernyakov LawPress – Law Firm Website Management lawpress allows Reflected XSS.This issue affects LawPress – Law Firm Website Management: from n/a through <= 1.4.5.
CVE-2025-23754HigJan 27, 2025
WordPress
The Loops
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ulrich Sossou The Loops the-loops allows Reflected XSS.This issue affects The Loops: from n/a through <= 1.0.2.
CVE-2025-23752HigJan 27, 2025
WordPress
Shopp Arrange
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Clifton Griffin CGD Arrange Terms shopp-arrange allows Reflected XSS.This issue affects CGD Arrange Terms: from n/a through <= 1.1.3.
CVE-2025-23574HigJan 27, 2025
WordPress
Cubepm
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Lau CubePM cubepm allows Reflected XSS.This issue affects CubePM: from n/a through <= 1.0.
CVE-2025-23531HigJan 27, 2025
WordPress
Rsvpmaker Volunteer Roles
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in davidfcarr RSVPMaker Volunteer Roles rsvpmaker-volunteer-roles allows Reflected XSS.This issue affects RSVPMaker Volunteer Roles: from n/a through <= 1.5.1.
CVE-2025-23792HigJan 27, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Busters Passwordless WP – Login with your glance or fingerprint passwordless-wp allows Reflected XSS.This issue affects Passwordless WP – Login with your glance or fingerprint: from n/a through <= 1.1.6.
CVE-2025-23457HigJan 27, 2025
WordPress
Shipdeo Woo
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shipdeoplugin Shipdeo shipdeo-woo allows Reflected XSS.This issue affects Shipdeo: from n/a through <= 1.2.8.