CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,299)

page 92 of 965

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-23966	WordPress A Gateway For Pasargad Bank On Woocommerce	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ala Falaki a Gateway for Pasargad Bank on WooCommerce a-gateway-for-pasargad-bank-on-woocommerce allows Reflected XSS.This issue affects a Gateway for Pasargad Bank on WooCommerce: from n/a through <= 2.5.2.
CVE-2025-23959	WordPress Good Old Gallery	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Linus Lundahl Good Old Gallery good-old-gallery allows Reflected XSS.This issue affects Good Old Gallery: from n/a through <= 2.1.2.
CVE-2025-23882	WordPress Wp Download Codes	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in misanthrop WP Download Codes wp-download-codes allows Reflected XSS.This issue affects WP Download Codes: from n/a through <= 2.5.4.
CVE-2025-23874	WordPress Wp Block Pack	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FalconTheme Team WP Block Pack wp-block-pack allows Reflected XSS.This issue affects WP Block Pack: from n/a through <= 1.1.6.
CVE-2025-23867	WordPress Wpfilesearch	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in markcoker WordPress File Search wpfilesearch allows Reflected XSS.This issue affects WordPress File Search: from n/a through <= 1.2.
CVE-2025-23866	WordPress Dsgvo	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in E. Marten EU DSGVO Helper dsgvo allows Reflected XSS.This issue affects EU DSGVO Helper: from n/a through <= 1.0.6.1.
CVE-2025-23846	WordPress Flexible Blogtitle	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thaikolja Flexible Blogtitle flexible-blogtitle allows Reflected XSS.This issue affects Flexible Blogtitle: from n/a through <= 0.1.
CVE-2025-23812	WordPress Contact Form 7 Round Robin Lead Distribution	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Jeffrey Contact Form 7 Round Robin Lead Distribution contact-form-7-round-robin-lead-distribution allows Reflected XSS.This issue affects Contact Form 7 Round Robin Lead Distribution: from n/a through <= 1.2.1.
CVE-2025-23811	—	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ghasemy14 WP2APP wp2appir allows Reflected XSS.This issue affects WP2APP: from n/a through <= 2.6.2.
CVE-2025-23798	Buddypress Buddypress	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ElbowRobo Mass Messaging in BuddyPress mass-messaging-in-buddypress allows Reflected XSS.This issue affects Mass Messaging in BuddyPress: from n/a through <= 2.2.1.
CVE-2025-23770	WordPress Fast Tube	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Caspie Fast Tube fast-tube allows Reflected XSS.This issue affects Fast Tube: from n/a through <= 2.3.1.
CVE-2025-23769	WordPress Content Mirror	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dreamsofmatter Content Mirror content-mirror allows Reflected XSS.This issue affects Content Mirror: from n/a through <= 1.2.
CVE-2025-23768	WordPress Infunding	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in inwavethemes InFunding infunding allows Reflected XSS.This issue affects InFunding: from n/a through <= 1.0.
CVE-2025-23758	WordPress Pootle Button	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pootlepress Pootle button pootle-button allows Reflected XSS.This issue affects Pootle button: from n/a through <= 1.2.0.
CVE-2025-23746	WordPress Cmc Migrate	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Edem CMC MIGRATE cmc-migrate allows Reflected XSS.This issue affects CMC MIGRATE: from n/a through <= 0.0.3.
CVE-2025-23732	WordPress Easy Filtering	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in franciscopalacios Easy Filtering easy-filtering allows Reflected XSS.This issue affects Easy Filtering: from n/a through <= 2.5.0.
CVE-2025-23709	WordPress Formatted Post	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kiroro Formatted post formatted-post allows Reflected XSS.This issue affects Formatted post: from n/a through <= 1.01.
CVE-2025-23706	WordPress Jet Skinner For Buddypress	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in milordk Jet Skinner for BuddyPress jet-skinner-for-buddypress allows Reflected XSS.This issue affects Jet Skinner for BuddyPress: from n/a through <= 1.2.5.
CVE-2025-23701	—	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in limesquare Lime Developer Login lime-developer-login allows Reflected XSS.This issue affects Lime Developer Login: from n/a through <= 1.4.0.
CVE-2025-23700	WordPress Ycyclista	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonisink yCyclista ycyclista allows Reflected XSS.This issue affects yCyclista: from n/a through <= 1.2.3.

CVE-2025-23966HigJan 22, 2025
WordPress
A Gateway For Pasargad Bank On Woocommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ala Falaki a Gateway for Pasargad Bank on WooCommerce a-gateway-for-pasargad-bank-on-woocommerce allows Reflected XSS.This issue affects a Gateway for Pasargad Bank on WooCommerce: from n/a through <= 2.5.2.
CVE-2025-23959HigJan 22, 2025
WordPress
Good Old Gallery
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Linus Lundahl Good Old Gallery good-old-gallery allows Reflected XSS.This issue affects Good Old Gallery: from n/a through <= 2.1.2.
CVE-2025-23882HigJan 22, 2025
WordPress
Wp Download Codes
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in misanthrop WP Download Codes wp-download-codes allows Reflected XSS.This issue affects WP Download Codes: from n/a through <= 2.5.4.
CVE-2025-23874HigJan 22, 2025
WordPress
Wp Block Pack
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FalconTheme Team WP Block Pack wp-block-pack allows Reflected XSS.This issue affects WP Block Pack: from n/a through <= 1.1.6.
CVE-2025-23867HigJan 22, 2025
WordPress
Wpfilesearch
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in markcoker WordPress File Search wpfilesearch allows Reflected XSS.This issue affects WordPress File Search: from n/a through <= 1.2.
CVE-2025-23866HigJan 22, 2025
WordPress
Dsgvo
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in E. Marten EU DSGVO Helper dsgvo allows Reflected XSS.This issue affects EU DSGVO Helper: from n/a through <= 1.0.6.1.
CVE-2025-23846HigJan 22, 2025
WordPress
Flexible Blogtitle
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thaikolja Flexible Blogtitle flexible-blogtitle allows Reflected XSS.This issue affects Flexible Blogtitle: from n/a through <= 0.1.
CVE-2025-23812HigJan 22, 2025
WordPress
Contact Form 7 Round Robin Lead Distribution
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Jeffrey Contact Form 7 Round Robin Lead Distribution contact-form-7-round-robin-lead-distribution allows Reflected XSS.This issue affects Contact Form 7 Round Robin Lead Distribution: from n/a through <= 1.2.1.
CVE-2025-23811HigJan 22, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ghasemy14 WP2APP wp2appir allows Reflected XSS.This issue affects WP2APP: from n/a through <= 2.6.2.
CVE-2025-23798HigJan 22, 2025
Buddypress
Buddypress
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ElbowRobo Mass Messaging in BuddyPress mass-messaging-in-buddypress allows Reflected XSS.This issue affects Mass Messaging in BuddyPress: from n/a through <= 2.2.1.
CVE-2025-23770HigJan 22, 2025
WordPress
Fast Tube
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Caspie Fast Tube fast-tube allows Reflected XSS.This issue affects Fast Tube: from n/a through <= 2.3.1.
CVE-2025-23769HigJan 22, 2025
WordPress
Content Mirror
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dreamsofmatter Content Mirror content-mirror allows Reflected XSS.This issue affects Content Mirror: from n/a through <= 1.2.
CVE-2025-23768HigJan 22, 2025
WordPress
Infunding
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in inwavethemes InFunding infunding allows Reflected XSS.This issue affects InFunding: from n/a through <= 1.0.
CVE-2025-23758HigJan 22, 2025
WordPress
Pootle Button
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pootlepress Pootle button pootle-button allows Reflected XSS.This issue affects Pootle button: from n/a through <= 1.2.0.
CVE-2025-23746HigJan 22, 2025
WordPress
Cmc Migrate
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Edem CMC MIGRATE cmc-migrate allows Reflected XSS.This issue affects CMC MIGRATE: from n/a through <= 0.0.3.
CVE-2025-23732HigJan 22, 2025
WordPress
Easy Filtering
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in franciscopalacios Easy Filtering easy-filtering allows Reflected XSS.This issue affects Easy Filtering: from n/a through <= 2.5.0.
CVE-2025-23709HigJan 22, 2025
WordPress
Formatted Post
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kiroro Formatted post formatted-post allows Reflected XSS.This issue affects Formatted post: from n/a through <= 1.01.
CVE-2025-23706HigJan 22, 2025
WordPress
Jet Skinner For Buddypress
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in milordk Jet Skinner for BuddyPress jet-skinner-for-buddypress allows Reflected XSS.This issue affects Jet Skinner for BuddyPress: from n/a through <= 1.2.5.
CVE-2025-23701HigJan 22, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in limesquare Lime Developer Login lime-developer-login allows Reflected XSS.This issue affects Lime Developer Login: from n/a through <= 1.4.0.
CVE-2025-23700HigJan 22, 2025
WordPress
Ycyclista
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonisink yCyclista ycyclista allows Reflected XSS.This issue affects yCyclista: from n/a through <= 1.2.3.