CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,299)

page 91 of 965

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-23834	WordPress Report Broken Links	Hig	0.46	7.1	Jan 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RaminMT Links/Problem Reporter report-broken-links allows Reflected XSS.This issue affects Links/Problem Reporter: from n/a through <= 2.6.0.
CVE-2025-23733	WordPress Sc Simple Zazzle	Hig	0.46	7.1	Jan 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sayoko SC Simple Zazzle sc-simple-zazzle allows Reflected XSS.This issue affects SC Simple Zazzle: from n/a through <= 1.1.6.
CVE-2025-23730	WordPress Flx Dashboard Groups	Hig	0.46	7.1	Jan 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flx0 FLX Dashboard Groups flx-dashboard-groups allows Reflected XSS.This issue affects FLX Dashboard Groups: from n/a through <= 0.0.7.
CVE-2025-23729	WordPress Xtra Settings	Hig	0.46	7.1	Jan 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fures XTRA Settings xtra-settings allows Reflected XSS.This issue affects XTRA Settings: from n/a through <= 2.1.8.
CVE-2025-23727	WordPress Az Content Finder	Hig	0.46	7.1	Jan 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antonzaroutski AZ Content Finder az-content-finder allows Reflected XSS.This issue affects AZ Content Finder: from n/a through <= 0.1.
CVE-2025-23725	WordPress Accessibility Task Manager	Hig	0.46	7.1	Jan 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pshikli Accessibility Task Manager accessibility-task-manager allows Reflected XSS.This issue affects Accessibility Task Manager: from n/a through <= 1.2.1.
CVE-2025-23724	WordPress University Quizzes Online	Hig	0.46	7.1	Jan 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oleksandr87 University Quizzes Online university-quizzes-online allows Reflected XSS.This issue affects University Quizzes Online: from n/a through <= 1.4.
CVE-2025-23723	WordPress Plestar Directory Listing	Hig	0.46	7.1	Jan 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hdw player Plestar Directory Listing plestar-directory-listing allows Reflected XSS.This issue affects Plestar Directory Listing: from n/a through <= 1.0.
CVE-2025-23722	WordPress Mind3dom Ryebread Widgets	Hig	0.46	7.1	Jan 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mind3dom Mind3doM RyeBread Widgets mind3dom-ryebread-widgets allows Reflected XSS.This issue affects Mind3doM RyeBread Widgets: from n/a through <= 1.0.
CVE-2025-23636	WordPress My Favorite Cars	Hig	0.46	7.1	Jan 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dimitar A. My Favorite Car my-favorite-cars allows Reflected XSS.This issue affects My Favorite Car: from n/a through <= 1.0.
CVE-2025-23634	WordPress Youmax Channel Embeds For Youtube Businesses	Hig	0.46	7.1	Jan 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codehandling Youtube Video Grid youmax-channel-embeds-for-youtube-businesses allows Reflected XSS.This issue affects Youtube Video Grid: from n/a through <= 1.9.
CVE-2025-23629	—	Hig	0.46	7.1	Jan 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Subhasis Laha Gallerio gallerio allows Reflected XSS.This issue affects Gallerio: from n/a through <= 1.0.1.
CVE-2025-23628	WordPress Geodigs	Hig	0.46	7.1	Jan 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NewMediaOne GeoDigs geodigs allows Reflected XSS.This issue affects GeoDigs: from n/a through <= 3.4.1.
CVE-2025-23626	WordPress Kumihimo	Hig	0.46	7.1	Jan 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fukushima Kumihimo kumihimo allows Reflected XSS.This issue affects Kumihimo: from n/a through <= 1.0.2.
CVE-2025-23624	WordPress Wpdevtool	Hig	0.46	7.1	Jan 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alessandro Benoit WpDevTool wpdevtool allows Reflected XSS.This issue affects WpDevTool: from n/a through <= 0.1.1.
CVE-2025-23545	WordPress Wp Social Broadcast	Hig	0.46	7.1	Jan 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Navnish Bhardwaj WP Social Broadcast wp-social-broadcast allows Reflected XSS.This issue affects WP Social Broadcast: from n/a through <= 1.0.0.
CVE-2025-23544	WordPress Statpresscn	Hig	0.46	7.1	Jan 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in heart5 StatPressCN statpresscn allows Reflected XSS.This issue affects StatPressCN: from n/a through <= 1.9.1.
CVE-2025-23541	WordPress Ydn Download	Hig	0.46	7.1	Jan 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in edmon.parker Download, Downloads ydn-download allows Reflected XSS.This issue affects Download, Downloads : from n/a through <= 1.4.2.
CVE-2025-23540	WordPress Wp Front End Login And Register	Hig	0.46	7.1	Jan 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mohsin Khan WP Front-end login and register wp-front-end-login-and-register allows Reflected XSS.This issue affects WP Front-end login and register: from n/a through <= 2.1.0.
CVE-2025-22264	WordPress Wp Query Creator	Hig	0.46	7.1	Jan 23, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Patel WP Query Creator wp-query-creator allows Reflected XSS.This issue affects WP Query Creator: from n/a through <= 1.0.

CVE-2025-23834HigJan 23, 2025
WordPress
Report Broken Links
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RaminMT Links/Problem Reporter report-broken-links allows Reflected XSS.This issue affects Links/Problem Reporter: from n/a through <= 2.6.0.
CVE-2025-23733HigJan 23, 2025
WordPress
Sc Simple Zazzle
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sayoko SC Simple Zazzle sc-simple-zazzle allows Reflected XSS.This issue affects SC Simple Zazzle: from n/a through <= 1.1.6.
CVE-2025-23730HigJan 23, 2025
WordPress
Flx Dashboard Groups
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flx0 FLX Dashboard Groups flx-dashboard-groups allows Reflected XSS.This issue affects FLX Dashboard Groups: from n/a through <= 0.0.7.
CVE-2025-23729HigJan 23, 2025
WordPress
Xtra Settings
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fures XTRA Settings xtra-settings allows Reflected XSS.This issue affects XTRA Settings: from n/a through <= 2.1.8.
CVE-2025-23727HigJan 23, 2025
WordPress
Az Content Finder
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antonzaroutski AZ Content Finder az-content-finder allows Reflected XSS.This issue affects AZ Content Finder: from n/a through <= 0.1.
CVE-2025-23725HigJan 23, 2025
WordPress
Accessibility Task Manager
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pshikli Accessibility Task Manager accessibility-task-manager allows Reflected XSS.This issue affects Accessibility Task Manager: from n/a through <= 1.2.1.
CVE-2025-23724HigJan 23, 2025
WordPress
University Quizzes Online
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oleksandr87 University Quizzes Online university-quizzes-online allows Reflected XSS.This issue affects University Quizzes Online: from n/a through <= 1.4.
CVE-2025-23723HigJan 23, 2025
WordPress
Plestar Directory Listing
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hdw player Plestar Directory Listing plestar-directory-listing allows Reflected XSS.This issue affects Plestar Directory Listing: from n/a through <= 1.0.
CVE-2025-23722HigJan 23, 2025
WordPress
Mind3dom Ryebread Widgets
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mind3dom Mind3doM RyeBread Widgets mind3dom-ryebread-widgets allows Reflected XSS.This issue affects Mind3doM RyeBread Widgets: from n/a through <= 1.0.
CVE-2025-23636HigJan 23, 2025
WordPress
My Favorite Cars
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dimitar A. My Favorite Car my-favorite-cars allows Reflected XSS.This issue affects My Favorite Car: from n/a through <= 1.0.
CVE-2025-23634HigJan 23, 2025
WordPress
Youmax Channel Embeds For Youtube Businesses
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codehandling Youtube Video Grid youmax-channel-embeds-for-youtube-businesses allows Reflected XSS.This issue affects Youtube Video Grid: from n/a through <= 1.9.
CVE-2025-23629HigJan 23, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Subhasis Laha Gallerio gallerio allows Reflected XSS.This issue affects Gallerio: from n/a through <= 1.0.1.
CVE-2025-23628HigJan 23, 2025
WordPress
Geodigs
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NewMediaOne GeoDigs geodigs allows Reflected XSS.This issue affects GeoDigs: from n/a through <= 3.4.1.
CVE-2025-23626HigJan 23, 2025
WordPress
Kumihimo
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fukushima Kumihimo kumihimo allows Reflected XSS.This issue affects Kumihimo: from n/a through <= 1.0.2.
CVE-2025-23624HigJan 23, 2025
WordPress
Wpdevtool
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alessandro Benoit WpDevTool wpdevtool allows Reflected XSS.This issue affects WpDevTool: from n/a through <= 0.1.1.
CVE-2025-23545HigJan 23, 2025
WordPress
Wp Social Broadcast
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Navnish Bhardwaj WP Social Broadcast wp-social-broadcast allows Reflected XSS.This issue affects WP Social Broadcast: from n/a through <= 1.0.0.
CVE-2025-23544HigJan 23, 2025
WordPress
Statpresscn
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in heart5 StatPressCN statpresscn allows Reflected XSS.This issue affects StatPressCN: from n/a through <= 1.9.1.
CVE-2025-23541HigJan 23, 2025
WordPress
Ydn Download
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in edmon.parker Download, Downloads ydn-download allows Reflected XSS.This issue affects Download, Downloads : from n/a through <= 1.4.2.
CVE-2025-23540HigJan 23, 2025
WordPress
Wp Front End Login And Register
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mohsin Khan WP Front-end login and register wp-front-end-login-and-register allows Reflected XSS.This issue affects WP Front-end login and register: from n/a through <= 2.1.0.
CVE-2025-22264HigJan 23, 2025
WordPress
Wp Query Creator
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Patel WP Query Creator wp-query-creator allows Reflected XSS.This issue affects WP Query Creator: from n/a through <= 1.0.