CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,299)

page 98 of 965

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-22499	WordPress F4 Tree	Hig	0.46	7.1	Jan 13, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FAKTOR VIER F4 Post Tree f4-tree allows Reflected XSS.This issue affects F4 Post Tree: from n/a through <= 1.1.18.
CVE-2025-22498	WordPress Lucidlms	Hig	0.46	7.1	Jan 13, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N3wNormal LucidLMS lucidlms allows Reflected XSS.This issue affects LucidLMS: from n/a through <= 1.0.5.
CVE-2025-22344	WordPress Media Category Library	Hig	0.46	7.1	Jan 13, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in timmcdaniels Media Category Library media-category-library allows Reflected XSS.This issue affects Media Category Library: from n/a through <= 2.7.
CVE-2025-22337	WordPress Order Audit Log For Woocommerce	Hig	0.46	7.1	Jan 13, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in infosoftplugin Order Audit Log for WooCommerce order-audit-log-for-woocommerce allows Reflected XSS.This issue affects Order Audit Log for WooCommerce: from n/a through <= 2.0.
CVE-2025-22314	WordPress Food Store	Hig	0.46	7.1	Jan 13, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Scripts Food Store – Online Food Delivery & Pickup food-store allows Reflected XSS.This issue affects Food Store – Online Food Delivery & Pickup: from n/a through <= 1.5.4.
CVE-2024-56301	WordPress Distance Based Shipping Calculator	Hig	0.46	7.1	Jan 13, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology Distance Based Shipping Calculator distance-based-shipping-calculator allows Reflected XSS.This issue affects Distance Based Shipping Calculator: from n/a through <= 2.0.21.
CVE-2024-56065	WordPress Wp2leads	Hig	0.46	7.1	Jan 13, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Reflected XSS.This issue affects WP2LEADS: from n/a through <= 3.4.2.
CVE-2025-22595	WordPress Wp Mailing Group	Hig	0.46	7.1	Jan 9, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yamna Khawaja Mailing Group Listserv wp-mailing-group allows Reflected XSS.This issue affects Mailing Group Listserv: from n/a through <= 2.0.9.
CVE-2025-22594	WordPress Better User Shortcodes	Hig	0.46	7.1	Jan 9, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hccoder Better User Shortcodes better-user-shortcodes allows Reflected XSS.This issue affects Better User Shortcodes: from n/a through <= 1.0.
CVE-2025-22539	WordPress Custom Database Tables	Hig	0.46	7.1	Jan 9, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ka2 Custom DataBase Tables custom-database-tables allows Reflected XSS.This issue affects Custom DataBase Tables: from n/a through <= 2.1.34.
CVE-2025-22521	WordPress Wp Hosting Performance Check	Hig	0.46	7.1	Jan 9, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Farrell wp Hosting Performance Check wp-hosting-performance-check allows Reflected XSS.This issue affects wp Hosting Performance Check: from n/a through <= 2.18.8.
CVE-2025-22361	WordPress Opentracker Analytics	Hig	0.46	7.1	Jan 9, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Opentracker Opentracker Analytics opentracker-analytics allows Reflected XSS.This issue affects Opentracker Analytics: from n/a through <= 1.3.
CVE-2025-22345	WordPress Ts Comfort Database	Hig	0.46	7.1	Jan 9, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tsinf TS Comfort DB ts-comfort-database allows Reflected XSS.This issue affects TS Comfort DB: from n/a through <= 2.0.7.
CVE-2025-22331	WordPress Cf7save Extension	Hig	0.46	7.1	Jan 9, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in P3JX Cf7Save Extension cf7save-extension allows Reflected XSS.This issue affects Cf7Save Extension: from n/a through <= 1.
CVE-2025-22330	WordPress Mg Parallax Slider	Hig	0.46	7.1	Jan 9, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mahesh Waghmare MG Parallax Slider mg-parallax-slider allows Reflected XSS.This issue affects MG Parallax Slider: from n/a through <= 1.0..
CVE-2025-22313	WordPress Widgetize Pages Light	Hig	0.46	7.1	Jan 9, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light widgetize-pages-light allows Reflected XSS.This issue affects Widgetize Pages Light: from n/a through <= 3.0.
CVE-2025-22307	WordPress Woo Product Table	Hig	0.46	7.1	Jan 9, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saiful Islam Product Table for WooCommerce woo-product-table allows Reflected XSS.This issue affects Product Table for WooCommerce: from n/a through <= 4.0.3.
CVE-2025-22295	WordPress Tripetto	Hig	0.46	7.1	Jan 9, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tripetto WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto tripetto allows Stored XSS.This issue affects WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto: from n/a through <= 8.0.6.
CVE-2025-22593	WordPress Laika Pedigree Tree	Hig	0.46	7.1	Jan 7, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in burria Laika Pedigree Tree laika-pedigree-tree allows Stored XSS.This issue affects Laika Pedigree Tree: from n/a through <= 1.4.
CVE-2025-22548	WordPress Ldap Login Password And Role Manager	Hig	0.46	7.1	Jan 7, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in frankkoenen ldap_login_password_and_role_manager ldap-login-password-and-role-manager allows Stored XSS.This issue affects ldap_login_password_and_role_manager: from n/a through <= 1.0.12.

CVE-2025-22499HigJan 13, 2025
WordPress
F4 Tree
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FAKTOR VIER F4 Post Tree f4-tree allows Reflected XSS.This issue affects F4 Post Tree: from n/a through <= 1.1.18.
CVE-2025-22498HigJan 13, 2025
WordPress
Lucidlms
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N3wNormal LucidLMS lucidlms allows Reflected XSS.This issue affects LucidLMS: from n/a through <= 1.0.5.
CVE-2025-22344HigJan 13, 2025
WordPress
Media Category Library
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in timmcdaniels Media Category Library media-category-library allows Reflected XSS.This issue affects Media Category Library: from n/a through <= 2.7.
CVE-2025-22337HigJan 13, 2025
WordPress
Order Audit Log For Woocommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in infosoftplugin Order Audit Log for WooCommerce order-audit-log-for-woocommerce allows Reflected XSS.This issue affects Order Audit Log for WooCommerce: from n/a through <= 2.0.
CVE-2025-22314HigJan 13, 2025
WordPress
Food Store
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Scripts Food Store – Online Food Delivery & Pickup food-store allows Reflected XSS.This issue affects Food Store – Online Food Delivery & Pickup: from n/a through <= 1.5.4.
CVE-2024-56301HigJan 13, 2025
WordPress
Distance Based Shipping Calculator
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology Distance Based Shipping Calculator distance-based-shipping-calculator allows Reflected XSS.This issue affects Distance Based Shipping Calculator: from n/a through <= 2.0.21.
CVE-2024-56065HigJan 13, 2025
WordPress
Wp2leads
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Reflected XSS.This issue affects WP2LEADS: from n/a through <= 3.4.2.
CVE-2025-22595HigJan 9, 2025
WordPress
Wp Mailing Group
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yamna Khawaja Mailing Group Listserv wp-mailing-group allows Reflected XSS.This issue affects Mailing Group Listserv: from n/a through <= 2.0.9.
CVE-2025-22594HigJan 9, 2025
WordPress
Better User Shortcodes
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hccoder Better User Shortcodes better-user-shortcodes allows Reflected XSS.This issue affects Better User Shortcodes: from n/a through <= 1.0.
CVE-2025-22539HigJan 9, 2025
WordPress
Custom Database Tables
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ka2 Custom DataBase Tables custom-database-tables allows Reflected XSS.This issue affects Custom DataBase Tables: from n/a through <= 2.1.34.
CVE-2025-22521HigJan 9, 2025
WordPress
Wp Hosting Performance Check
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Farrell wp Hosting Performance Check wp-hosting-performance-check allows Reflected XSS.This issue affects wp Hosting Performance Check: from n/a through <= 2.18.8.
CVE-2025-22361HigJan 9, 2025
WordPress
Opentracker Analytics
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Opentracker Opentracker Analytics opentracker-analytics allows Reflected XSS.This issue affects Opentracker Analytics: from n/a through <= 1.3.
CVE-2025-22345HigJan 9, 2025
WordPress
Ts Comfort Database
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tsinf TS Comfort DB ts-comfort-database allows Reflected XSS.This issue affects TS Comfort DB: from n/a through <= 2.0.7.
CVE-2025-22331HigJan 9, 2025
WordPress
Cf7save Extension
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in P3JX Cf7Save Extension cf7save-extension allows Reflected XSS.This issue affects Cf7Save Extension: from n/a through <= 1.
CVE-2025-22330HigJan 9, 2025
WordPress
Mg Parallax Slider
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mahesh Waghmare MG Parallax Slider mg-parallax-slider allows Reflected XSS.This issue affects MG Parallax Slider: from n/a through <= 1.0..
CVE-2025-22313HigJan 9, 2025
WordPress
Widgetize Pages Light
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light widgetize-pages-light allows Reflected XSS.This issue affects Widgetize Pages Light: from n/a through <= 3.0.
CVE-2025-22307HigJan 9, 2025
WordPress
Woo Product Table
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saiful Islam Product Table for WooCommerce woo-product-table allows Reflected XSS.This issue affects Product Table for WooCommerce: from n/a through <= 4.0.3.
CVE-2025-22295HigJan 9, 2025
WordPress
Tripetto
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tripetto WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto tripetto allows Stored XSS.This issue affects WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto: from n/a through <= 8.0.6.
CVE-2025-22593HigJan 7, 2025
WordPress
Laika Pedigree Tree
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in burria Laika Pedigree Tree laika-pedigree-tree allows Stored XSS.This issue affects Laika Pedigree Tree: from n/a through <= 1.4.
CVE-2025-22548HigJan 7, 2025
WordPress
Ldap Login Password And Role Manager
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in frankkoenen ldap_login_password_and_role_manager ldap-login-password-and-role-manager allows Stored XSS.This issue affects ldap_login_password_and_role_manager: from n/a through <= 1.0.12.