CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,299)

page 95 of 965

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-23475	WordPress History Timeline	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fireantology History timeline history-timeline allows Reflected XSS.This issue affects History timeline: from n/a through <= 0.7.2.
CVE-2025-23462	WordPress Fwd Slider	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anil Jailta FWD Slider fwd-slider allows Reflected XSS.This issue affects FWD Slider: from n/a through <= 1.0.
CVE-2025-23449	WordPress Simple Shortcode Buttons	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in davidpuc Simple shortcode buttons simple-shortcode-buttons allows Reflected XSS.This issue affects Simple shortcode buttons: from n/a through <= 1.3.2.
CVE-2025-22772	WordPress Mapbox For Wp Advanced	Hig	0.46	7.1	Jan 22, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stephanemartinw Mapbox for WP Advanced mapbox-for-wp-advanced allows Reflected XSS.This issue affects Mapbox for WP Advanced: from n/a through <= 1.0.0.
CVE-2025-23994	WordPress Estatebud Properties Listings	Hig	0.46	7.1	Jan 21, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Estatebud Estatebud – Properties & Listings estatebud-properties-listings allows Stored XSS.This issue affects Estatebud – Properties & Listings: from n/a through <= 5.5.0.
CVE-2025-23580	—	Hig	0.46	7.1	Jan 21, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthew BizLibrary bizlibrary allows Reflected XSS.This issue affects BizLibrary: from n/a through <= 1.1.
CVE-2025-23551	WordPress Sexbundle	Hig	0.46	7.1	Jan 21, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in razvypp SexBundle sexbundle allows Reflected XSS.This issue affects SexBundle: from n/a through <= 1.4.
CVE-2025-23489	WordPress Wp Announcements	Hig	0.46	7.1	Jan 21, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Messenlehner WP-Announcements wp-announcements allows Reflected XSS.This issue affects WP-Announcements: from n/a through <= 1.8.
CVE-2025-23461	WordPress Social2blog	Hig	0.46	7.1	Jan 21, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xkollsoftware Social2Blog social2blog allows Reflected XSS.This issue affects Social2Blog: from n/a through <= 0.2.990.
CVE-2025-23454	WordPress Vertical Diamond Flipbook Flash	Hig	0.46	7.1	Jan 21, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flashmaniac Nature FlipBook vertical-diamond-flipbook-flash allows Reflected XSS.This issue affects Nature FlipBook: from n/a through <= 1.7.
CVE-2025-23998	Rarathemes The Ultralight	Hig	0.46	7.1	Jan 21, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in raratheme UltraLight the-ultralight allows Reflected XSS.This issue affects UltraLight: from n/a through <= 1.2.
CVE-2025-22763	Brizy Brizy	Hig	0.46	7.1	Jan 21, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Brizy Pro allows Reflected XSS. This issue affects Brizy Pro: from n/a through 2.6.1.
CVE-2025-22735	WordPress Tag Groups	Hig	0.46	7.1	Jan 21, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Burge WordPress Tag Cloud Plugin – Tag Groups tag-groups allows Reflected XSS.This issue affects WordPress Tag Cloud Plugin – Tag Groups: from n/a through <= 2.0.4.
CVE-2025-22733	WordPress My Auctions Allegro Free Edition	Hig	0.46	7.1	Jan 21, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS.This issue affects My auctions allegro: from n/a through <= 3.6.18.
CVE-2025-22719	WordPress Vikappointments	Hig	0.46	7.1	Jan 21, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e4jvikwp VikAppointments Services Booking Calendar vikappointments allows Stored XSS.This issue affects VikAppointments Services Booking Calendar: from n/a through <= 1.2.16.
CVE-2025-22711	WordPress Image Source Control Isc	Hig	0.46	7.1	Jan 21, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thomas Maier Image Source Control image-source-control-isc allows Reflected XSS.This issue affects Image Source Control: from n/a through <= 2.29.0.
CVE-2025-22709	WordPress Verge3d	Hig	0.46	7.1	Jan 21, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soft8Soft LLC Verge3D verge3d allows Reflected XSS.This issue affects Verge3D: from n/a through <= 4.8.0.
CVE-2025-22706	WordPress Social Pug Author Box	Hig	0.46	7.1	Jan 21, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iova.mihai Social Pug: Author Box allows Reflected XSS. This issue affects Social Pug: Author Box: from n/a through 1.0.0.
CVE-2025-22322	WordPress Userpro Messaging	Hig	0.46	7.1	Jan 21, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeluxeThemes Private Messages for UserPro userpro-messaging allows Reflected XSS.This issue affects Private Messages for UserPro: from n/a through <= 4.10.0.
CVE-2024-49700	WordPress Arprice	Hig	0.46	7.1	Jan 21, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reputeinfosystems ARPrice arprice allows Reflected XSS.This issue affects ARPrice: from n/a through <= 4.1.3.

CVE-2025-23475HigJan 22, 2025
WordPress
History Timeline
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fireantology History timeline history-timeline allows Reflected XSS.This issue affects History timeline: from n/a through <= 0.7.2.
CVE-2025-23462HigJan 22, 2025
WordPress
Fwd Slider
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anil Jailta FWD Slider fwd-slider allows Reflected XSS.This issue affects FWD Slider: from n/a through <= 1.0.
CVE-2025-23449HigJan 22, 2025
WordPress
Simple Shortcode Buttons
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in davidpuc Simple shortcode buttons simple-shortcode-buttons allows Reflected XSS.This issue affects Simple shortcode buttons: from n/a through <= 1.3.2.
CVE-2025-22772HigJan 22, 2025
WordPress
Mapbox For Wp Advanced
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stephanemartinw Mapbox for WP Advanced mapbox-for-wp-advanced allows Reflected XSS.This issue affects Mapbox for WP Advanced: from n/a through <= 1.0.0.
CVE-2025-23994HigJan 21, 2025
WordPress
Estatebud Properties Listings
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Estatebud Estatebud – Properties & Listings estatebud-properties-listings allows Stored XSS.This issue affects Estatebud – Properties & Listings: from n/a through <= 5.5.0.
CVE-2025-23580HigJan 21, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthew BizLibrary bizlibrary allows Reflected XSS.This issue affects BizLibrary: from n/a through <= 1.1.
CVE-2025-23551HigJan 21, 2025
WordPress
Sexbundle
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in razvypp SexBundle sexbundle allows Reflected XSS.This issue affects SexBundle: from n/a through <= 1.4.
CVE-2025-23489HigJan 21, 2025
WordPress
Wp Announcements
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Messenlehner WP-Announcements wp-announcements allows Reflected XSS.This issue affects WP-Announcements: from n/a through <= 1.8.
CVE-2025-23461HigJan 21, 2025
WordPress
Social2blog
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xkollsoftware Social2Blog social2blog allows Reflected XSS.This issue affects Social2Blog: from n/a through <= 0.2.990.
CVE-2025-23454HigJan 21, 2025
WordPress
Vertical Diamond Flipbook Flash
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flashmaniac Nature FlipBook vertical-diamond-flipbook-flash allows Reflected XSS.This issue affects Nature FlipBook: from n/a through <= 1.7.
CVE-2025-23998HigJan 21, 2025
Rarathemes
The Ultralight
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in raratheme UltraLight the-ultralight allows Reflected XSS.This issue affects UltraLight: from n/a through <= 1.2.
CVE-2025-22763HigJan 21, 2025
Brizy
Brizy
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Brizy Pro allows Reflected XSS. This issue affects Brizy Pro: from n/a through 2.6.1.
CVE-2025-22735HigJan 21, 2025
WordPress
Tag Groups
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Burge WordPress Tag Cloud Plugin – Tag Groups tag-groups allows Reflected XSS.This issue affects WordPress Tag Cloud Plugin – Tag Groups: from n/a through <= 2.0.4.
CVE-2025-22733HigJan 21, 2025
WordPress
My Auctions Allegro Free Edition
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS.This issue affects My auctions allegro: from n/a through <= 3.6.18.
CVE-2025-22719HigJan 21, 2025
WordPress
Vikappointments
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e4jvikwp VikAppointments Services Booking Calendar vikappointments allows Stored XSS.This issue affects VikAppointments Services Booking Calendar: from n/a through <= 1.2.16.
CVE-2025-22711HigJan 21, 2025
WordPress
Image Source Control Isc
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thomas Maier Image Source Control image-source-control-isc allows Reflected XSS.This issue affects Image Source Control: from n/a through <= 2.29.0.
CVE-2025-22709HigJan 21, 2025
WordPress
Verge3d
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soft8Soft LLC Verge3D verge3d allows Reflected XSS.This issue affects Verge3D: from n/a through <= 4.8.0.
CVE-2025-22706HigJan 21, 2025
WordPress
Social Pug Author Box
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iova.mihai Social Pug: Author Box allows Reflected XSS. This issue affects Social Pug: Author Box: from n/a through 1.0.0.
CVE-2025-22322HigJan 21, 2025
WordPress
Userpro Messaging
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeluxeThemes Private Messages for UserPro userpro-messaging allows Reflected XSS.This issue affects Private Messages for UserPro: from n/a through <= 4.10.0.
CVE-2024-49700HigJan 21, 2025
WordPress
Arprice
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reputeinfosystems ARPrice arprice allows Reflected XSS.This issue affects ARPrice: from n/a through <= 4.1.3.