CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,299)

page 94 of 965

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-23606	WordPress Calendi	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sebkay Calendi calendi allows Reflected XSS.This issue affects Calendi: from n/a through <= 1.1.1.
CVE-2025-23605	—	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lampd Call To Action Popup call-to-action-popup allows Reflected XSS.This issue affects Call To Action Popup: from n/a through <= 1.0.2.
CVE-2025-23604	WordPress Reloaded Rezdy	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maeve Lander Rezdy Reloaded reloaded-rezdy allows Stored XSS.This issue affects Rezdy Reloaded: from n/a through <= 1.0.1.
CVE-2025-23603	WordPress Group Category Creator	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MohammadJafar Khajeh Group category creator group-category-creator allows Reflected XSS.This issue affects Group category creator: from n/a through <= 1.3.0.3.
CVE-2025-23602	WordPress Eelv Newsletter	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Europe Ecologie Les Verts EELV Newsletter eelv-newsletter allows Reflected XSS.This issue affects EELV Newsletter: from n/a through <= 4.8.2.
CVE-2025-23601	WordPress Tab My Content	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in patrice Tab My Content tab-my-content allows Reflected XSS.This issue affects Tab My Content: from n/a through <= 1.0.0.
CVE-2025-23597	WordPress Rio Photo Gallery	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sabareesha Rio Photo Gallery rio-photo-gallery allows Reflected XSS.This issue affects Rio Photo Gallery: from n/a through <= 0.1.
CVE-2025-23592	WordPress Dforms	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in animexxx dForms dforms allows Reflected XSS.This issue affects dForms: from n/a through <= 1.0.
CVE-2025-23589	WordPress Contentoptin	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in markugwuanyi ContentOptin Lite contentoptin allows Reflected XSS.This issue affects ContentOptin Lite: from n/a through <= 1.1.
CVE-2025-23583	—	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Explara Explara Membership explara-membership allows Reflected XSS.This issue affects Explara Membership: from n/a through <= 0.0.7.
CVE-2025-23578	WordPress Css Addons	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Custom CSS Addons css-addons allows Reflected XSS.This issue affects Custom CSS Addons: from n/a through <= 1.9.1.
CVE-2025-23548	WordPress Responsivity	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bilal TAS Responsivity responsivity allows Reflected XSS.This issue affects Responsivity: from n/a through <= 0.0.6.
CVE-2025-23535	WordPress Drag And Drop Custom Sidebar	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in martin_ziegert REAL WordPress Sidebar drag-and-drop-custom-sidebar allows Stored XSS.This issue affects REAL WordPress Sidebar: from n/a through <= 0.1.
CVE-2025-23509	—	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in siteheart HyperComments comments-with-hypercommentscom allows Reflected XSS.This issue affects HyperComments: from n/a through <= 0.9.6.
CVE-2025-23507	WordPress Blrt Wp Embed	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blrt Blrt WP Embed blrt-wp-embed allows Reflected XSS.This issue affects Blrt WP Embed: from n/a through <= 1.6.9.
CVE-2025-23506	WordPress Wp Imap Authentication	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in imsoftware WP IMAP Auth wp-imap-authentication allows Reflected XSS.This issue affects WP IMAP Auth: from n/a through <= 4.0.1.
CVE-2025-23503	WordPress Customizable Captcha And Contact Us Form	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osolwordpress Customizable Captcha and Contact Us customizable-captcha-and-contact-us-form allows Reflected XSS.This issue affects Customizable Captcha and Contact Us: from n/a through <= 1.0.2.
CVE-2025-23500	WordPress Simple Content Construction Kit	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in faaiq Simple Custom post type custom field simple-content-construction-kit allows Reflected XSS.This issue affects Simple Custom post type custom field: from n/a through <= 1.0.3.
CVE-2025-23498	WordPress Translation Pro	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ContentLocalized Translation.Pro translation-pro allows Reflected XSS.This issue affects Translation.Pro: from n/a through <= 1.0.0.
CVE-2025-23495	WordPress Woocommerce Order Searching	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chetan Khandla WooCommerce Order Search woocommerce-order-searching allows Reflected XSS.This issue affects WooCommerce Order Search: from n/a through <= 1.1.0.

CVE-2025-23606HigJan 22, 2025
WordPress
Calendi
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sebkay Calendi calendi allows Reflected XSS.This issue affects Calendi: from n/a through <= 1.1.1.
CVE-2025-23605HigJan 22, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lampd Call To Action Popup call-to-action-popup allows Reflected XSS.This issue affects Call To Action Popup: from n/a through <= 1.0.2.
CVE-2025-23604HigJan 22, 2025
WordPress
Reloaded Rezdy
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maeve Lander Rezdy Reloaded reloaded-rezdy allows Stored XSS.This issue affects Rezdy Reloaded: from n/a through <= 1.0.1.
CVE-2025-23603HigJan 22, 2025
WordPress
Group Category Creator
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MohammadJafar Khajeh Group category creator group-category-creator allows Reflected XSS.This issue affects Group category creator: from n/a through <= 1.3.0.3.
CVE-2025-23602HigJan 22, 2025
WordPress
Eelv Newsletter
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Europe Ecologie Les Verts EELV Newsletter eelv-newsletter allows Reflected XSS.This issue affects EELV Newsletter: from n/a through <= 4.8.2.
CVE-2025-23601HigJan 22, 2025
WordPress
Tab My Content
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in patrice Tab My Content tab-my-content allows Reflected XSS.This issue affects Tab My Content: from n/a through <= 1.0.0.
CVE-2025-23597HigJan 22, 2025
WordPress
Rio Photo Gallery
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sabareesha Rio Photo Gallery rio-photo-gallery allows Reflected XSS.This issue affects Rio Photo Gallery: from n/a through <= 0.1.
CVE-2025-23592HigJan 22, 2025
WordPress
Dforms
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in animexxx dForms dforms allows Reflected XSS.This issue affects dForms: from n/a through <= 1.0.
CVE-2025-23589HigJan 22, 2025
WordPress
Contentoptin
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in markugwuanyi ContentOptin Lite contentoptin allows Reflected XSS.This issue affects ContentOptin Lite: from n/a through <= 1.1.
CVE-2025-23583HigJan 22, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Explara Explara Membership explara-membership allows Reflected XSS.This issue affects Explara Membership: from n/a through <= 0.0.7.
CVE-2025-23578HigJan 22, 2025
WordPress
Css Addons
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Custom CSS Addons css-addons allows Reflected XSS.This issue affects Custom CSS Addons: from n/a through <= 1.9.1.
CVE-2025-23548HigJan 22, 2025
WordPress
Responsivity
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bilal TAS Responsivity responsivity allows Reflected XSS.This issue affects Responsivity: from n/a through <= 0.0.6.
CVE-2025-23535HigJan 22, 2025
WordPress
Drag And Drop Custom Sidebar
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in martin_ziegert REAL WordPress Sidebar drag-and-drop-custom-sidebar allows Stored XSS.This issue affects REAL WordPress Sidebar: from n/a through <= 0.1.
CVE-2025-23509HigJan 22, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in siteheart HyperComments comments-with-hypercommentscom allows Reflected XSS.This issue affects HyperComments: from n/a through <= 0.9.6.
CVE-2025-23507HigJan 22, 2025
WordPress
Blrt Wp Embed
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blrt Blrt WP Embed blrt-wp-embed allows Reflected XSS.This issue affects Blrt WP Embed: from n/a through <= 1.6.9.
CVE-2025-23506HigJan 22, 2025
WordPress
Wp Imap Authentication
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in imsoftware WP IMAP Auth wp-imap-authentication allows Reflected XSS.This issue affects WP IMAP Auth: from n/a through <= 4.0.1.
CVE-2025-23503HigJan 22, 2025
WordPress
Customizable Captcha And Contact Us Form
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osolwordpress Customizable Captcha and Contact Us customizable-captcha-and-contact-us-form allows Reflected XSS.This issue affects Customizable Captcha and Contact Us: from n/a through <= 1.0.2.
CVE-2025-23500HigJan 22, 2025
WordPress
Simple Content Construction Kit
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in faaiq Simple Custom post type custom field simple-content-construction-kit allows Reflected XSS.This issue affects Simple Custom post type custom field: from n/a through <= 1.0.3.
CVE-2025-23498HigJan 22, 2025
WordPress
Translation Pro
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ContentLocalized Translation.Pro translation-pro allows Reflected XSS.This issue affects Translation.Pro: from n/a through <= 1.0.0.
CVE-2025-23495HigJan 22, 2025
WordPress
Woocommerce Order Searching
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chetan Khandla WooCommerce Order Search woocommerce-order-searching allows Reflected XSS.This issue affects WooCommerce Order Search: from n/a through <= 1.1.0.