CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,299)

page 97 of 965

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-22765	WordPress Wp Order By	Hig	0.46	7.1	Jan 15, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weiluri WP Order By wp-order-by allows Reflected XSS.This issue affects WP Order By: from n/a through <= 1.4.2.
CVE-2025-22764	WordPress Wp Post Corrector	Hig	0.46	7.1	Jan 15, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vipul Jariwala WP Post Corrector wp-post-corrector allows Reflected XSS.This issue affects WP Post Corrector: from n/a through <= 1.0.2.
CVE-2025-22760	Codebard Codebard Help Desk	Hig	0.46	7.1	Jan 15, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeBard CodeBard Help Desk codebard-help-desk allows Reflected XSS.This issue affects CodeBard Help Desk: from n/a through <= 1.1.2.
CVE-2025-22755	WordPress Wp Headmaster	Hig	0.46	7.1	Jan 15, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bavington WP Headmaster wp-headmaster allows Reflected XSS.This issue affects WP Headmaster: from n/a through <= 0.3.
CVE-2025-22754	WordPress Amberlink	Hig	0.46	7.1	Jan 15, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Berkman Klein Center Amber amberlink allows Reflected XSS.This issue affects Amber: from n/a through <= 1.4.4.
CVE-2025-22753	WordPress Turbosmtp	Hig	0.46	7.1	Jan 15, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in turboSMTP turboSMTP turbosmtp allows Reflected XSS.This issue affects turboSMTP: from n/a through <= 4.6.
CVE-2025-22752	Gsheetconnector Gsheetconnector For Forminator Forms	Hig	0.46	7.1	Jan 15, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WesternDeal GSheetConnector for Forminator Forms gsheetconnector-forminator allows Reflected XSS.This issue affects GSheetConnector for Forminator Forms: from n/a through <= 1.0.12.
CVE-2025-22751	WordPress Partners	Hig	0.46	7.1	Jan 15, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in farinspace Partners partners allows Reflected XSS.This issue affects Partners: from n/a through <= 0.2.0.
CVE-2025-22750	WordPress Post Types Carousel Slider	Hig	0.46	7.1	Jan 15, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Patel Post Carousel & Slider post-types-carousel-slider allows Reflected XSS.This issue affects Post Carousel & Slider: from n/a through <= 1.0.4.
CVE-2025-22317	WordPress Gallery Images Ape	Hig	0.46	7.1	Jan 15, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gallery Ape Photo Gallery – Image Gallery by Ape gallery-images-ape allows Reflected XSS.This issue affects Photo Gallery – Image Gallery by Ape: from n/a through <= 2.2.8.
CVE-2025-22588	WordPress Woocommerce Inventory Management	Hig	0.46	7.1	Jan 13, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in intelligence_lab Scanventory woocommerce-inventory-management allows Reflected XSS.This issue affects Scanventory: from n/a through <= 1.1.3.
CVE-2025-22586	WordPress Wpex Replace	Hig	0.46	7.1	Jan 13, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dstoever WPEX Replace DB Urls wpex-replace allows Reflected XSS.This issue affects WPEX Replace DB Urls: from n/a through <= 0.4.0.
CVE-2025-22583	WordPress Scan External Links	Hig	0.46	7.1	Jan 13, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anshulsojatia Scan External Links scan-external-links allows Reflected XSS.This issue affects Scan External Links: from n/a through <= 1.0.
CVE-2025-22576	WordPress Site Pin	Hig	0.46	7.1	Jan 13, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcus Downing Site PIN site-pin allows Reflected XSS.This issue affects Site PIN: from n/a through <= 1.3.
CVE-2025-22570	WordPress Inline Tweets	Hig	0.46	7.1	Jan 13, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mdjekic Inline Tweets inline-tweets allows Stored XSS.This issue affects Inline Tweets: from n/a through <= 2.0.
CVE-2025-22569	WordPress Featured Page Widget	Hig	0.46	7.1	Jan 13, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GrandSlambert Featured Page Widget featured-page-widget allows Reflected XSS.This issue affects Featured Page Widget: from n/a through <= 2.2.
CVE-2025-22568	WordPress Post And Page Reactions	Hig	0.46	7.1	Jan 13, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arete-it Post And Page Reactions post-and-page-reactions allows Reflected XSS.This issue affects Post And Page Reactions: from n/a through <= 1.0.5.
CVE-2025-22567	WordPress Trustist Reviewer	Hig	0.46	7.1	Jan 13, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in trustist TRUSTist REVIEWer trustist-reviewer allows Reflected XSS.This issue affects TRUSTist REVIEWer: from n/a through <= 2.0.
CVE-2025-22514	WordPress Knr Author List Widget	Hig	0.46	7.1	Jan 13, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yamna Khawaja KNR Author List Widget knr-author-list-widget allows Reflected XSS.This issue affects KNR Author List Widget: from n/a through <= 3.1.1.
CVE-2025-22506	WordPress Smart Agenda Prise De Rendez Vous En Ligne	Hig	0.46	7.1	Jan 13, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Smart Agenda Smart Agenda smart-agenda-prise-de-rendez-vous-en-ligne allows Stored XSS.This issue affects Smart Agenda: from n/a through <= 4.7.

CVE-2025-22765HigJan 15, 2025
WordPress
Wp Order By
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weiluri WP Order By wp-order-by allows Reflected XSS.This issue affects WP Order By: from n/a through <= 1.4.2.
CVE-2025-22764HigJan 15, 2025
WordPress
Wp Post Corrector
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vipul Jariwala WP Post Corrector wp-post-corrector allows Reflected XSS.This issue affects WP Post Corrector: from n/a through <= 1.0.2.
CVE-2025-22760HigJan 15, 2025
Codebard
Codebard Help Desk
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeBard CodeBard Help Desk codebard-help-desk allows Reflected XSS.This issue affects CodeBard Help Desk: from n/a through <= 1.1.2.
CVE-2025-22755HigJan 15, 2025
WordPress
Wp Headmaster
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bavington WP Headmaster wp-headmaster allows Reflected XSS.This issue affects WP Headmaster: from n/a through <= 0.3.
CVE-2025-22754HigJan 15, 2025
WordPress
Amberlink
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Berkman Klein Center Amber amberlink allows Reflected XSS.This issue affects Amber: from n/a through <= 1.4.4.
CVE-2025-22753HigJan 15, 2025
WordPress
Turbosmtp
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in turboSMTP turboSMTP turbosmtp allows Reflected XSS.This issue affects turboSMTP: from n/a through <= 4.6.
CVE-2025-22752HigJan 15, 2025
Gsheetconnector
Gsheetconnector For Forminator Forms
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WesternDeal GSheetConnector for Forminator Forms gsheetconnector-forminator allows Reflected XSS.This issue affects GSheetConnector for Forminator Forms: from n/a through <= 1.0.12.
CVE-2025-22751HigJan 15, 2025
WordPress
Partners
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in farinspace Partners partners allows Reflected XSS.This issue affects Partners: from n/a through <= 0.2.0.
CVE-2025-22750HigJan 15, 2025
WordPress
Post Types Carousel Slider
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Patel Post Carousel & Slider post-types-carousel-slider allows Reflected XSS.This issue affects Post Carousel & Slider: from n/a through <= 1.0.4.
CVE-2025-22317HigJan 15, 2025
WordPress
Gallery Images Ape
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gallery Ape Photo Gallery – Image Gallery by Ape gallery-images-ape allows Reflected XSS.This issue affects Photo Gallery – Image Gallery by Ape: from n/a through <= 2.2.8.
CVE-2025-22588HigJan 13, 2025
WordPress
Woocommerce Inventory Management
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in intelligence_lab Scanventory woocommerce-inventory-management allows Reflected XSS.This issue affects Scanventory: from n/a through <= 1.1.3.
CVE-2025-22586HigJan 13, 2025
WordPress
Wpex Replace
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dstoever WPEX Replace DB Urls wpex-replace allows Reflected XSS.This issue affects WPEX Replace DB Urls: from n/a through <= 0.4.0.
CVE-2025-22583HigJan 13, 2025
WordPress
Scan External Links
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anshulsojatia Scan External Links scan-external-links allows Reflected XSS.This issue affects Scan External Links: from n/a through <= 1.0.
CVE-2025-22576HigJan 13, 2025
WordPress
Site Pin
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcus Downing Site PIN site-pin allows Reflected XSS.This issue affects Site PIN: from n/a through <= 1.3.
CVE-2025-22570HigJan 13, 2025
WordPress
Inline Tweets
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mdjekic Inline Tweets inline-tweets allows Stored XSS.This issue affects Inline Tweets: from n/a through <= 2.0.
CVE-2025-22569HigJan 13, 2025
WordPress
Featured Page Widget
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GrandSlambert Featured Page Widget featured-page-widget allows Reflected XSS.This issue affects Featured Page Widget: from n/a through <= 2.2.
CVE-2025-22568HigJan 13, 2025
WordPress
Post And Page Reactions
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arete-it Post And Page Reactions post-and-page-reactions allows Reflected XSS.This issue affects Post And Page Reactions: from n/a through <= 1.0.5.
CVE-2025-22567HigJan 13, 2025
WordPress
Trustist Reviewer
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in trustist TRUSTist REVIEWer trustist-reviewer allows Reflected XSS.This issue affects TRUSTist REVIEWer: from n/a through <= 2.0.
CVE-2025-22514HigJan 13, 2025
WordPress
Knr Author List Widget
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yamna Khawaja KNR Author List Widget knr-author-list-widget allows Reflected XSS.This issue affects KNR Author List Widget: from n/a through <= 3.1.1.
CVE-2025-22506HigJan 13, 2025
WordPress
Smart Agenda Prise De Rendez Vous En Ligne
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Smart Agenda Smart Agenda smart-agenda-prise-de-rendez-vous-en-ligne allows Stored XSS.This issue affects Smart Agenda: from n/a through <= 4.7.