CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,297)

page 90 of 965

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-22513	WordPress Simple Locator	Hig	0.46	7.1	Jan 27, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Simple Locator simple-locator allows Reflected XSS.This issue affects Simple Locator: from n/a through <= 2.0.4.
CVE-2025-24570	WordPress Atarim Visual Collaboration	Hig	0.46	7.1	Jan 24, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Stored XSS.This issue affects Atarim: from n/a through <= 4.0.8.
CVE-2025-23889	WordPress Foogallery Captions	Hig	0.46	7.1	Jan 24, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tormorten FooGallery Captions foogallery-captions allows Reflected XSS.This issue affects FooGallery Captions: from n/a through <= 1.0.2.
CVE-2025-23888	WordPress Custom Page Extensions	Hig	0.46	7.1	Jan 24, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GrandSlambert Custom Page Extensions custom-page-extensions allows Reflected XSS.This issue affects Custom Page Extensions: from n/a through <= 0.6.
CVE-2025-23885	WordPress Mj Contact Us	Hig	0.46	7.1	Jan 24, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anildhiman MJ Contact us mj-contact-us allows Reflected XSS.This issue affects MJ Contact us: from n/a through <= 5.2.3.
CVE-2025-23839	WordPress Sticky Chat Button	Hig	0.46	7.1	Jan 24, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asif Shakeel Sticky Button sticky-chat-button allows Stored XSS.This issue affects Sticky Button: from n/a through <= 1.0.
CVE-2025-23838	WordPress Bauernregeln	Hig	0.46	7.1	Jan 24, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rally Vincent Bauernregeln bauernregeln allows Reflected XSS.This issue affects Bauernregeln: from n/a through <= 1.0.1.
CVE-2025-23837	WordPress One Backend Language	Hig	0.46	7.1	Jan 24, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in martinjuhasz One Backend Language one-backend-language allows Reflected XSS.This issue affects One Backend Language: from n/a through <= 1.0.
CVE-2025-23737	WordPress Network Favorites	Hig	0.46	7.1	Jan 24, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thobian Network-Favorites network-favorites allows Reflected XSS.This issue affects Network-Favorites: from n/a through <= 1.1.
CVE-2025-23734	WordPress Go Sphinx	Hig	0.46	7.1	Jan 24, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Casey Bisson Gigaom Sphinx go-sphinx allows Reflected XSS.This issue affects Gigaom Sphinx: from n/a through <= 0.1.
CVE-2025-23711	WordPress Quote Me	Hig	0.46	7.1	Jan 24, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Quincy Kwende Quote me quote-me allows Reflected XSS.This issue affects Quote me: from n/a through <= 1.0.
CVE-2025-23622	WordPress Cbxwpsimpleaccounting	Hig	0.46	7.1	Jan 24, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sabuj Kundu CBX Accounting & Bookkeeping cbxwpsimpleaccounting allows Reflected XSS.This issue affects CBX Accounting & Bookkeeping: from n/a through <= 1.3.14.
CVE-2025-23621	WordPress Causes	Hig	0.46	7.1	Jan 24, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in algothemes Causes – Donation Plugin causes allows Reflected XSS.This issue affects Causes – Donation Plugin: from n/a through <= 1.0.01.
CVE-2025-23522	WordPress Hm Portfolio	Hig	0.46	7.1	Jan 24, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthew Haines-Young HM Portfolio hm-portfolio allows Reflected XSS.This issue affects HM Portfolio: from n/a through <= 1.1.1.
CVE-2025-23427	WordPress Redux Converter	Hig	0.46	7.1	Jan 24, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Anderson / Team Updraft Redux Converter redux-converter allows Reflected XSS.This issue affects Redux Converter: from n/a through <= 1.1.3.1.
CVE-2025-22714	WordPress Mobile Dj Manager	Hig	0.46	7.1	Jan 24, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Reflected XSS.This issue affects Mobile DJ Manager: from n/a through <= 1.7.5.6.
CVE-2025-23960	WordPress Save Import Image From Url	Hig	0.46	7.1	Jan 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in basteln3rk Save & Import Image from URL save-import-image-from-url allows Reflected XSS.This issue affects Save & Import Image from URL: from n/a through <= 0.7.
CVE-2025-23894	WordPress Wp Flickr Press	Hig	0.46	7.1	Jan 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tatsuya wp-flickr-press wp-flickr-press allows Reflected XSS.This issue affects wp-flickr-press: from n/a through <= 2.6.4.
CVE-2025-23836	WordPress Custom Coming Soon	Hig	0.46	7.1	Jan 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SuryaBhan Custom Coming Soon custom-coming-soon allows Reflected XSS.This issue affects Custom Coming Soon: from n/a through <= 2.2.
CVE-2025-23835	WordPress Legal Plus	Hig	0.46	7.1	Jan 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jmraya Legal + legal-plus allows Reflected XSS.This issue affects Legal +: from n/a through <= 1.0.

CVE-2025-22513HigJan 27, 2025
WordPress
Simple Locator
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Simple Locator simple-locator allows Reflected XSS.This issue affects Simple Locator: from n/a through <= 2.0.4.
CVE-2025-24570HigJan 24, 2025
WordPress
Atarim Visual Collaboration
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Stored XSS.This issue affects Atarim: from n/a through <= 4.0.8.
CVE-2025-23889HigJan 24, 2025
WordPress
Foogallery Captions
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tormorten FooGallery Captions foogallery-captions allows Reflected XSS.This issue affects FooGallery Captions: from n/a through <= 1.0.2.
CVE-2025-23888HigJan 24, 2025
WordPress
Custom Page Extensions
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GrandSlambert Custom Page Extensions custom-page-extensions allows Reflected XSS.This issue affects Custom Page Extensions: from n/a through <= 0.6.
CVE-2025-23885HigJan 24, 2025
WordPress
Mj Contact Us
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anildhiman MJ Contact us mj-contact-us allows Reflected XSS.This issue affects MJ Contact us: from n/a through <= 5.2.3.
CVE-2025-23839HigJan 24, 2025
WordPress
Sticky Chat Button
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asif Shakeel Sticky Button sticky-chat-button allows Stored XSS.This issue affects Sticky Button: from n/a through <= 1.0.
CVE-2025-23838HigJan 24, 2025
WordPress
Bauernregeln
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rally Vincent Bauernregeln bauernregeln allows Reflected XSS.This issue affects Bauernregeln: from n/a through <= 1.0.1.
CVE-2025-23837HigJan 24, 2025
WordPress
One Backend Language
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in martinjuhasz One Backend Language one-backend-language allows Reflected XSS.This issue affects One Backend Language: from n/a through <= 1.0.
CVE-2025-23737HigJan 24, 2025
WordPress
Network Favorites
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thobian Network-Favorites network-favorites allows Reflected XSS.This issue affects Network-Favorites: from n/a through <= 1.1.
CVE-2025-23734HigJan 24, 2025
WordPress
Go Sphinx
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Casey Bisson Gigaom Sphinx go-sphinx allows Reflected XSS.This issue affects Gigaom Sphinx: from n/a through <= 0.1.
CVE-2025-23711HigJan 24, 2025
WordPress
Quote Me
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Quincy Kwende Quote me quote-me allows Reflected XSS.This issue affects Quote me: from n/a through <= 1.0.
CVE-2025-23622HigJan 24, 2025
WordPress
Cbxwpsimpleaccounting
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sabuj Kundu CBX Accounting & Bookkeeping cbxwpsimpleaccounting allows Reflected XSS.This issue affects CBX Accounting & Bookkeeping: from n/a through <= 1.3.14.
CVE-2025-23621HigJan 24, 2025
WordPress
Causes
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in algothemes Causes – Donation Plugin causes allows Reflected XSS.This issue affects Causes – Donation Plugin: from n/a through <= 1.0.01.
CVE-2025-23522HigJan 24, 2025
WordPress
Hm Portfolio
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthew Haines-Young HM Portfolio hm-portfolio allows Reflected XSS.This issue affects HM Portfolio: from n/a through <= 1.1.1.
CVE-2025-23427HigJan 24, 2025
WordPress
Redux Converter
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Anderson / Team Updraft Redux Converter redux-converter allows Reflected XSS.This issue affects Redux Converter: from n/a through <= 1.1.3.1.
CVE-2025-22714HigJan 24, 2025
WordPress
Mobile Dj Manager
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Reflected XSS.This issue affects Mobile DJ Manager: from n/a through <= 1.7.5.6.
CVE-2025-23960HigJan 23, 2025
WordPress
Save Import Image From Url
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in basteln3rk Save & Import Image from URL save-import-image-from-url allows Reflected XSS.This issue affects Save & Import Image from URL: from n/a through <= 0.7.
CVE-2025-23894HigJan 23, 2025
WordPress
Wp Flickr Press
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tatsuya wp-flickr-press wp-flickr-press allows Reflected XSS.This issue affects wp-flickr-press: from n/a through <= 2.6.4.
CVE-2025-23836HigJan 23, 2025
WordPress
Custom Coming Soon
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SuryaBhan Custom Coming Soon custom-coming-soon allows Reflected XSS.This issue affects Custom Coming Soon: from n/a through <= 2.2.
CVE-2025-23835HigJan 23, 2025
WordPress
Legal Plus
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jmraya Legal + legal-plus allows Reflected XSS.This issue affects Legal +: from n/a through <= 1.0.