CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,299)

page 96 of 965

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2024-49300	WordPress Hmenu	Hig	0.46	7.1	Jan 21, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows Reflected XSS. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5.
CVE-2025-23828	WordPress Wordpress Data Guards	Hig	0.46	7.1	Jan 16, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sindhi WordPress Data Guard wordpress-data-guards allows Stored XSS.This issue affects WordPress Data Guard: from n/a through <= 8.
CVE-2025-23827	WordPress Strx Magic Floating Sidebar Maker	Hig	0.46	7.1	Jan 16, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in straps Strx Magic Floating Sidebar Maker strx-magic-floating-sidebar-maker allows Stored XSS.This issue affects Strx Magic Floating Sidebar Maker: from n/a through <= 1.4.1.
CVE-2025-23826	WordPress Stop Comment Spam	Hig	0.46	7.1	Jan 16, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pedjas Stop Comment Spam stop-comment-spam allows Stored XSS.This issue affects Stop Comment Spam: from n/a through <= 0.5.3.
CVE-2025-23760	—	Hig	0.46	7.1	Jan 16, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Volkov Chatter allows Stored XSS. This issue affects Chatter: from n/a through 1.0.1.
CVE-2025-23699	WordPress Event Countdown Timer	Hig	0.46	7.1	Jan 16, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in techmix Event Countdown Timer Plugin by TechMix event-countdown-timer allows Reflected XSS.This issue affects Event Countdown Timer Plugin by TechMix: from n/a through <= 1.4.
CVE-2025-23689	WordPress Blogger Image Import	Hig	0.46	7.1	Jan 16, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Poco Blogger Image Import allows Stored XSS.This issue affects Blogger Image Import: from 2.1 through n/a.
CVE-2025-23623	WordPress Cf7 Cc Avenue Add On	Hig	0.46	7.1	Jan 16, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mahesh Bisen Contact Form 7 – CCAvenue Add-on cf7-cc-avenue-add-on allows Reflected XSS.This issue affects Contact Form 7 – CCAvenue Add-on: from n/a through <= 1.0.
CVE-2025-23620	WordPress Captchelfie Captcha By Selfie	Hig	0.46	7.1	Jan 16, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in trof Captchelfie – Captcha by Selfie captchelfie-captcha-by-selfie allows Reflected XSS.This issue affects Captchelfie – Captcha by Selfie: from n/a through <= 1.0.7.
CVE-2025-23547	WordPress Lh Login Page	Hig	0.46	7.1	Jan 16, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shawfactor LH Login Page lh-login-page allows Reflected XSS.This issue affects LH Login Page: from n/a through <= 2.14.
CVE-2025-23453	WordPress Stars Smtp Mailer	Hig	0.46	7.1	Jan 16, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Myriad Solutionz Stars SMTP Mailer stars-smtp-mailer allows Reflected XSS.This issue affects Stars SMTP Mailer: from n/a through <= 1.7.
CVE-2025-23452	WordPress Editionguard For Woocommerce Ebook Sales With Drm	Hig	0.46	7.1	Jan 16, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EditionGuard EditionGuard for WooCommerce – eBook Sales with DRM editionguard-for-woocommerce-ebook-sales-with-drm allows Reflected XSS.This issue affects EditionGuard for WooCommerce – eBook Sales with DRM: from n/a through <= 3.4.2.
CVE-2025-23438	WordPress Wp Ptviewer	Hig	0.46	7.1	Jan 16, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vincent Mimoun-Prat WP PT-Viewer wp-ptviewer allows Reflected XSS.This issue affects WP PT-Viewer: from n/a through <= 2.0.2.
CVE-2025-23432	WordPress Alt Report	Hig	0.46	7.1	Jan 16, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlTi5 AlT Report alt-report allows Reflected XSS.This issue affects AlT Report: from n/a through <= 1.12.0.
CVE-2025-23429	WordPress Altima Lookbook Free For Woocommerce	Hig	0.46	7.1	Jan 16, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in altima-interactive Altima Lookbook Free for WooCommerce altima-lookbook-free-for-woocommerce allows Reflected XSS.This issue affects Altima Lookbook Free for WooCommerce: from n/a through <= 1.1.0.
CVE-2025-22795	WordPress Multilang Contact Form	Hig	0.46	7.1	Jan 15, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digitaldonkey Multilang Contact Form multilang-contact-form allows Reflected XSS.This issue affects Multilang Contact Form: from n/a through <= 1.5.
CVE-2025-22793	WordPress Bold Pagos En Linea	Hig	0.46	7.1	Jan 15, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bold Bold pagos en linea bold-pagos-en-linea allows DOM-Based XSS.This issue affects Bold pagos en linea: from n/a through <= 3.1.4.
CVE-2025-22778	WordPress Wp Lijit Wijit	Hig	0.46	7.1	Jan 15, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in damniel Lijit Search wp-lijit-wijit allows Reflected XSS.This issue affects Lijit Search: from n/a through <= 1.1.
CVE-2025-22776	WordPress Wp Bulletin Board	Hig	0.46	7.1	Jan 15, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codebycarter WP Bulletin Board wp-bulletin-board allows Reflected XSS.This issue affects WP Bulletin Board: from n/a through <= 1.1.4.
CVE-2025-22766	WordPress Zarinpal Paid Downloads	Hig	0.46	7.1	Jan 15, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Masoud Amini Zarinpal Paid Download zarinpal-paid-downloads allows Reflected XSS.This issue affects Zarinpal Paid Download: from n/a through <= 2.3.

CVE-2024-49300HigJan 21, 2025
WordPress
Hmenu
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows Reflected XSS. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5.
CVE-2025-23828HigJan 16, 2025
WordPress
Wordpress Data Guards
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sindhi WordPress Data Guard wordpress-data-guards allows Stored XSS.This issue affects WordPress Data Guard: from n/a through <= 8.
CVE-2025-23827HigJan 16, 2025
WordPress
Strx Magic Floating Sidebar Maker
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in straps Strx Magic Floating Sidebar Maker strx-magic-floating-sidebar-maker allows Stored XSS.This issue affects Strx Magic Floating Sidebar Maker: from n/a through <= 1.4.1.
CVE-2025-23826HigJan 16, 2025
WordPress
Stop Comment Spam
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pedjas Stop Comment Spam stop-comment-spam allows Stored XSS.This issue affects Stop Comment Spam: from n/a through <= 0.5.3.
CVE-2025-23760HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Volkov Chatter allows Stored XSS. This issue affects Chatter: from n/a through 1.0.1.
CVE-2025-23699HigJan 16, 2025
WordPress
Event Countdown Timer
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in techmix Event Countdown Timer Plugin by TechMix event-countdown-timer allows Reflected XSS.This issue affects Event Countdown Timer Plugin by TechMix: from n/a through <= 1.4.
CVE-2025-23689HigJan 16, 2025
WordPress
Blogger Image Import
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Poco Blogger Image Import allows Stored XSS.This issue affects Blogger Image Import: from 2.1 through n/a.
CVE-2025-23623HigJan 16, 2025
WordPress
Cf7 Cc Avenue Add On
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mahesh Bisen Contact Form 7 – CCAvenue Add-on cf7-cc-avenue-add-on allows Reflected XSS.This issue affects Contact Form 7 – CCAvenue Add-on: from n/a through <= 1.0.
CVE-2025-23620HigJan 16, 2025
WordPress
Captchelfie Captcha By Selfie
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in trof Captchelfie – Captcha by Selfie captchelfie-captcha-by-selfie allows Reflected XSS.This issue affects Captchelfie – Captcha by Selfie: from n/a through <= 1.0.7.
CVE-2025-23547HigJan 16, 2025
WordPress
Lh Login Page
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shawfactor LH Login Page lh-login-page allows Reflected XSS.This issue affects LH Login Page: from n/a through <= 2.14.
CVE-2025-23453HigJan 16, 2025
WordPress
Stars Smtp Mailer
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Myriad Solutionz Stars SMTP Mailer stars-smtp-mailer allows Reflected XSS.This issue affects Stars SMTP Mailer: from n/a through <= 1.7.
CVE-2025-23452HigJan 16, 2025
WordPress
Editionguard For Woocommerce Ebook Sales With Drm
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EditionGuard EditionGuard for WooCommerce – eBook Sales with DRM editionguard-for-woocommerce-ebook-sales-with-drm allows Reflected XSS.This issue affects EditionGuard for WooCommerce – eBook Sales with DRM: from n/a through <= 3.4.2.
CVE-2025-23438HigJan 16, 2025
WordPress
Wp Ptviewer
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vincent Mimoun-Prat WP PT-Viewer wp-ptviewer allows Reflected XSS.This issue affects WP PT-Viewer: from n/a through <= 2.0.2.
CVE-2025-23432HigJan 16, 2025
WordPress
Alt Report
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlTi5 AlT Report alt-report allows Reflected XSS.This issue affects AlT Report: from n/a through <= 1.12.0.
CVE-2025-23429HigJan 16, 2025
WordPress
Altima Lookbook Free For Woocommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in altima-interactive Altima Lookbook Free for WooCommerce altima-lookbook-free-for-woocommerce allows Reflected XSS.This issue affects Altima Lookbook Free for WooCommerce: from n/a through <= 1.1.0.
CVE-2025-22795HigJan 15, 2025
WordPress
Multilang Contact Form
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digitaldonkey Multilang Contact Form multilang-contact-form allows Reflected XSS.This issue affects Multilang Contact Form: from n/a through <= 1.5.
CVE-2025-22793HigJan 15, 2025
WordPress
Bold Pagos En Linea
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bold Bold pagos en linea bold-pagos-en-linea allows DOM-Based XSS.This issue affects Bold pagos en linea: from n/a through <= 3.1.4.
CVE-2025-22778HigJan 15, 2025
WordPress
Wp Lijit Wijit
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in damniel Lijit Search wp-lijit-wijit allows Reflected XSS.This issue affects Lijit Search: from n/a through <= 1.1.
CVE-2025-22776HigJan 15, 2025
WordPress
Wp Bulletin Board
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codebycarter WP Bulletin Board wp-bulletin-board allows Reflected XSS.This issue affects WP Bulletin Board: from n/a through <= 1.1.4.
CVE-2025-22766HigJan 15, 2025
WordPress
Zarinpal Paid Downloads
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Masoud Amini Zarinpal Paid Download zarinpal-paid-downloads allows Reflected XSS.This issue affects Zarinpal Paid Download: from n/a through <= 2.3.