CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,299)

page 93 of 965

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-23697	WordPress Podclankova Inzerce	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webdeal Podčlánková inzerce podclankova-inzerce allows Reflected XSS.This issue affects Podčlánková inzerce: from n/a through <= 2.4.0.
CVE-2025-23696	WordPress Staging Cdn	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ronan Mockett Staging CDN staging-cdn allows Reflected XSS.This issue affects Staging CDN: from n/a through <= 1.0.0.
CVE-2025-23695	WordPress Hyp3rl0cal City Search	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kinlane CtyGrid Hyp3rL0cal Search hyp3rl0cal-city-search allows Reflected XSS.This issue affects CtyGrid Hyp3rL0cal Search: from n/a through <= 0.1.1.1.
CVE-2025-23686	—	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phpdevca Admin Menu Organizer admin-menu-organizer allows Reflected XSS.This issue affects Admin Menu Organizer: from n/a through <= 1.0.1.
CVE-2025-23683	WordPress Macme	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xdxdVSxdxd MACME macme allows Reflected XSS.This issue affects MACME: from n/a through <= 1.2.
CVE-2025-23682	WordPress Preloader Quotes	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bhuvnesh Gupta Preloader Quotes preloader-quotes allows Reflected XSS.This issue affects Preloader Quotes: from n/a through <= 1.0.0.
CVE-2025-23681	WordPress Redirection Plus	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tahminajannat REDIRECTION PLUS redirection-plus allows Reflected XSS.This issue affects REDIRECTION PLUS: from n/a through <= 2.0.0.
CVE-2025-23679	WordPress Fp Rss Category Excluder	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Flourish Pixel FP RSS Category Excluder fp-rss-category-excluder allows Reflected XSS.This issue affects FP RSS Category Excluder: from n/a through <= 1.0.0.
CVE-2025-23678	WordPress Localgrid	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Md Imranur Rahman LocalGrid localgrid allows Reflected XSS.This issue affects LocalGrid: from n/a through <= 1.0.1.
CVE-2025-23676	WordPress Lh Email	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shawfactor LH Email lh-email allows Reflected XSS.This issue affects LH Email: from n/a through <= 1.12.
CVE-2025-23674	WordPress Bitly Linker	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andygauk Bit.ly linker bitly-linker allows Reflected XSS.This issue affects Bit.ly linker: from n/a through <= 1.1.
CVE-2025-23672	WordPress Instant Appointment	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tenteeglobal Instant Appointment instant-appointment allows Reflected XSS.This issue affects Instant Appointment: from n/a through <= 1.2.
CVE-2025-23643	WordPress Readme Creator	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in a.ankit ReadMe Creator readme-creator allows Reflected XSS.This issue affects ReadMe Creator: from n/a through <= 1.0.
CVE-2025-23631	WordPress Content Planner	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sarah Lewis Content Planner content-planner allows Reflected XSS.This issue affects Content Planner: from n/a through <= 1.0.
CVE-2025-23630	—	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Irshad A.Khan Cyber Slider cyber-new-slider allows Reflected XSS.This issue affects Cyber Slider: from n/a through <= 1.1.
CVE-2025-23625	WordPress Unique Ux	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awcode Unique UX unique-ux allows Reflected XSS.This issue affects Unique UX: from n/a through <= 0.9.2.
CVE-2025-23611	WordPress Wh Cache And Security	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webhue WH Cache & Security wh-cache-and-security allows Reflected XSS.This issue affects WH Cache & Security: from n/a through <= 1.1.2.
CVE-2025-23610	WordPress Ultimate Events	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tehsmash Ultimate Events ultimate-events allows Reflected XSS.This issue affects Ultimate Events: from n/a through <= 1.3.3.
CVE-2025-23609	WordPress Tagesteller	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Helle1 Tagesteller tagesteller allows Reflected XSS.This issue affects Tagesteller: from n/a through <= v.1.1.
CVE-2025-23607	WordPress Camoo Sms	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Camoo Sarl CAMOO SMS camoo-sms allows Reflected XSS.This issue affects CAMOO SMS: from n/a through <= 3.0.1.

CVE-2025-23697HigJan 22, 2025
WordPress
Podclankova Inzerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webdeal Podčlánková inzerce podclankova-inzerce allows Reflected XSS.This issue affects Podčlánková inzerce: from n/a through <= 2.4.0.
CVE-2025-23696HigJan 22, 2025
WordPress
Staging Cdn
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ronan Mockett Staging CDN staging-cdn allows Reflected XSS.This issue affects Staging CDN: from n/a through <= 1.0.0.
CVE-2025-23695HigJan 22, 2025
WordPress
Hyp3rl0cal City Search
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kinlane CtyGrid Hyp3rL0cal Search hyp3rl0cal-city-search allows Reflected XSS.This issue affects CtyGrid Hyp3rL0cal Search: from n/a through <= 0.1.1.1.
CVE-2025-23686HigJan 22, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phpdevca Admin Menu Organizer admin-menu-organizer allows Reflected XSS.This issue affects Admin Menu Organizer: from n/a through <= 1.0.1.
CVE-2025-23683HigJan 22, 2025
WordPress
Macme
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xdxdVSxdxd MACME macme allows Reflected XSS.This issue affects MACME: from n/a through <= 1.2.
CVE-2025-23682HigJan 22, 2025
WordPress
Preloader Quotes
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bhuvnesh Gupta Preloader Quotes preloader-quotes allows Reflected XSS.This issue affects Preloader Quotes: from n/a through <= 1.0.0.
CVE-2025-23681HigJan 22, 2025
WordPress
Redirection Plus
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tahminajannat REDIRECTION PLUS redirection-plus allows Reflected XSS.This issue affects REDIRECTION PLUS: from n/a through <= 2.0.0.
CVE-2025-23679HigJan 22, 2025
WordPress
Fp Rss Category Excluder
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Flourish Pixel FP RSS Category Excluder fp-rss-category-excluder allows Reflected XSS.This issue affects FP RSS Category Excluder: from n/a through <= 1.0.0.
CVE-2025-23678HigJan 22, 2025
WordPress
Localgrid
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Md Imranur Rahman LocalGrid localgrid allows Reflected XSS.This issue affects LocalGrid: from n/a through <= 1.0.1.
CVE-2025-23676HigJan 22, 2025
WordPress
Lh Email
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shawfactor LH Email lh-email allows Reflected XSS.This issue affects LH Email: from n/a through <= 1.12.
CVE-2025-23674HigJan 22, 2025
WordPress
Bitly Linker
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andygauk Bit.ly linker bitly-linker allows Reflected XSS.This issue affects Bit.ly linker: from n/a through <= 1.1.
CVE-2025-23672HigJan 22, 2025
WordPress
Instant Appointment
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tenteeglobal Instant Appointment instant-appointment allows Reflected XSS.This issue affects Instant Appointment: from n/a through <= 1.2.
CVE-2025-23643HigJan 22, 2025
WordPress
Readme Creator
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in a.ankit ReadMe Creator readme-creator allows Reflected XSS.This issue affects ReadMe Creator: from n/a through <= 1.0.
CVE-2025-23631HigJan 22, 2025
WordPress
Content Planner
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sarah Lewis Content Planner content-planner allows Reflected XSS.This issue affects Content Planner: from n/a through <= 1.0.
CVE-2025-23630HigJan 22, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Irshad A.Khan Cyber Slider cyber-new-slider allows Reflected XSS.This issue affects Cyber Slider: from n/a through <= 1.1.
CVE-2025-23625HigJan 22, 2025
WordPress
Unique Ux
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awcode Unique UX unique-ux allows Reflected XSS.This issue affects Unique UX: from n/a through <= 0.9.2.
CVE-2025-23611HigJan 22, 2025
WordPress
Wh Cache And Security
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webhue WH Cache & Security wh-cache-and-security allows Reflected XSS.This issue affects WH Cache & Security: from n/a through <= 1.1.2.
CVE-2025-23610HigJan 22, 2025
WordPress
Ultimate Events
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tehsmash Ultimate Events ultimate-events allows Reflected XSS.This issue affects Ultimate Events: from n/a through <= 1.3.3.
CVE-2025-23609HigJan 22, 2025
WordPress
Tagesteller
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Helle1 Tagesteller tagesteller allows Reflected XSS.This issue affects Tagesteller: from n/a through <= v.1.1.
CVE-2025-23607HigJan 22, 2025
WordPress
Camoo Sms
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Camoo Sarl CAMOO SMS camoo-sms allows Reflected XSS.This issue affects CAMOO SMS: from n/a through <= 3.0.1.