CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,299)

page 99 of 965

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-22547	WordPress Jk Html To Pdf	Hig	0.46	7.1	0.00	Jan 7, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jaykrishnang JK Html To Pdf jk-html-to-pdf allows Stored XSS.This issue affects JK Html To Pdf: from n/a through <= 1.0.0.
CVE-2025-22522	WordPress Singsong	Hig	0.46	7.1	0.00	Jan 7, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in roya khosravi SingSong singsong allows Stored XSS.This issue affects SingSong: from n/a through <= 1.2.
CVE-2025-22338	WordPress Tagmaker	Hig	0.46	7.1	0.00	Jan 7, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lich_wang WP-tagMaker tagmaker allows Reflected XSS.This issue affects WP-tagMaker: from n/a through <= 0.2.2.
CVE-2025-22335	WordPress Opencart Product In Wp	Hig	0.46	7.1	0.00	Jan 7, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rajib.dewan Opencart Product in WP opencart-product-in-wp allows Reflected XSS.This issue affects Opencart Product in WP: from n/a through <= 1.0.1.
CVE-2025-22294	WordPress Custom Field For Wp Job Manager	Hig	0.46	7.1	0.00	Jan 7, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in theme funda Custom Field For WP Job Manager custom-field-for-wp-job-manager allows Reflected XSS.This issue affects Custom Field For WP Job Manager: from n/a through <= 1.3.
CVE-2024-56056	Kmfoysal06 Simplecharm	Hig	0.46	7.1	0.00	Jan 7, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kmfoysal06 SimpleCharm simplecharm allows Reflected XSS.This issue affects SimpleCharm: from n/a through <= 1.4.3.
CVE-2025-22359	—	Hig	0.46	7.1	0.00	Jan 7, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pjfc SyncFields syncfields allows Reflected XSS.This issue affects SyncFields: from n/a through <= 2.1.
CVE-2025-22358	WordPress Advertising Management	Hig	0.46	7.1	0.00	Jan 7, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simone Marcon Wp advertising management advertising-management allows Reflected XSS.This issue affects Wp advertising management: from n/a through <= 1.0.3.
CVE-2025-22357	WordPress Target Notifications	Hig	0.46	7.1	0.00	Jan 7, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdever Target Notifications target-notifications allows Reflected XSS.This issue affects Target Notifications: from n/a through <= 1.1.1.
CVE-2025-22355	WordPress Sa Post Author Filter	Hig	0.46	7.1	0.00	Jan 7, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in asokaaso2 Kikx Simple Post Author Filter sa-post-author-filter allows Reflected XSS.This issue affects Kikx Simple Post Author Filter: from n/a through <= 1.0.
CVE-2025-22353	WordPress Bvd Easy Gallery Manager	Hig	0.46	7.1	0.00	Jan 7, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bvads BVD Easy Gallery Manager bvd-easy-gallery-manager allows Reflected XSS.This issue affects BVD Easy Gallery Manager: from n/a through <= 1.0.6.
CVE-2025-22326	WordPress 5centscdn	Hig	0.46	7.1	0.00	Jan 7, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 5centsCDN 5centsCDN 5centscdn allows Reflected XSS.This issue affects 5centsCDN: from n/a through <= 25.4.15.
CVE-2025-22324	WordPress Oz Canonical	Hig	0.46	7.1	0.00	Jan 7, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andon Ivanov OZ Canonical oz-canonical allows Reflected XSS.This issue affects OZ Canonical: from n/a through <= 0.5.
CVE-2025-22320	—	Hig	0.46	7.1	0.00	Jan 7, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ProductDyno ProductDyno productdyno allows Reflected XSS.This issue affects ProductDyno: from n/a through <= 1.0.24.
CVE-2024-56299	WordPress Notify Odoo	Hig	0.46	7.1	0.00	Jan 7, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pektsekye Notify Odoo notify-odoo allows Stored XSS.This issue affects Notify Odoo: from n/a through <= 1.0.0.
CVE-2024-56296	WordPress Mangboard	Hig	0.46	7.1	0.00	Jan 7, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kitae Park Mang Board WP mangboard allows Reflected XSS.This issue affects Mang Board WP: from n/a through <= 1.8.4.
CVE-2024-51700	WordPress Naver Analytics	Hig	0.46	7.1	0.00	Jan 7, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eutrue NAVER Analytics naver-analytics allows Stored XSS.This issue affects NAVER Analytics: from n/a through <= 0.9.
CVE-2024-49633	Designinvento Directorypress	Hig	0.46	7.1	0.00	Jan 7, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress directorypress allows Reflected XSS.This issue affects DirectoryPress: from n/a through <= 3.6.19.
CVE-2024-12633	WordPress Joomsport Sports League Results Management	Hig	0.46	7.1	0.01	Jan 7, 2025	The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page parameter in all versions up to, and including, 5.6.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVE-2024-56014	WordPress Olivia	Hig	0.46	7.1	0.00	Jan 2, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Markyis Cool Olivia allows Reflected XSS.This issue affects Olivia: from n/a through 0.9.5.

CVE-2025-22547HigJan 7, 2025
WordPress
Jk Html To Pdf
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jaykrishnang JK Html To Pdf jk-html-to-pdf allows Stored XSS.This issue affects JK Html To Pdf: from n/a through <= 1.0.0.
CVE-2025-22522HigJan 7, 2025
WordPress
Singsong
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in roya khosravi SingSong singsong allows Stored XSS.This issue affects SingSong: from n/a through <= 1.2.
CVE-2025-22338HigJan 7, 2025
WordPress
Tagmaker
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lich_wang WP-tagMaker tagmaker allows Reflected XSS.This issue affects WP-tagMaker: from n/a through <= 0.2.2.
CVE-2025-22335HigJan 7, 2025
WordPress
Opencart Product In Wp
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rajib.dewan Opencart Product in WP opencart-product-in-wp allows Reflected XSS.This issue affects Opencart Product in WP: from n/a through <= 1.0.1.
CVE-2025-22294HigJan 7, 2025
WordPress
Custom Field For Wp Job Manager
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in theme funda Custom Field For WP Job Manager custom-field-for-wp-job-manager allows Reflected XSS.This issue affects Custom Field For WP Job Manager: from n/a through <= 1.3.
CVE-2024-56056HigJan 7, 2025
Kmfoysal06
Simplecharm
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kmfoysal06 SimpleCharm simplecharm allows Reflected XSS.This issue affects SimpleCharm: from n/a through <= 1.4.3.
CVE-2025-22359HigJan 7, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pjfc SyncFields syncfields allows Reflected XSS.This issue affects SyncFields: from n/a through <= 2.1.
CVE-2025-22358HigJan 7, 2025
WordPress
Advertising Management
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simone Marcon Wp advertising management advertising-management allows Reflected XSS.This issue affects Wp advertising management: from n/a through <= 1.0.3.
CVE-2025-22357HigJan 7, 2025
WordPress
Target Notifications
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdever Target Notifications target-notifications allows Reflected XSS.This issue affects Target Notifications: from n/a through <= 1.1.1.
CVE-2025-22355HigJan 7, 2025
WordPress
Sa Post Author Filter
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in asokaaso2 Kikx Simple Post Author Filter sa-post-author-filter allows Reflected XSS.This issue affects Kikx Simple Post Author Filter: from n/a through <= 1.0.
CVE-2025-22353HigJan 7, 2025
WordPress
Bvd Easy Gallery Manager
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bvads BVD Easy Gallery Manager bvd-easy-gallery-manager allows Reflected XSS.This issue affects BVD Easy Gallery Manager: from n/a through <= 1.0.6.
CVE-2025-22326HigJan 7, 2025
WordPress
5centscdn
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 5centsCDN 5centsCDN 5centscdn allows Reflected XSS.This issue affects 5centsCDN: from n/a through <= 25.4.15.
CVE-2025-22324HigJan 7, 2025
WordPress
Oz Canonical
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andon Ivanov OZ Canonical oz-canonical allows Reflected XSS.This issue affects OZ Canonical: from n/a through <= 0.5.
CVE-2025-22320HigJan 7, 2025
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ProductDyno ProductDyno productdyno allows Reflected XSS.This issue affects ProductDyno: from n/a through <= 1.0.24.
CVE-2024-56299HigJan 7, 2025
WordPress
Notify Odoo
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pektsekye Notify Odoo notify-odoo allows Stored XSS.This issue affects Notify Odoo: from n/a through <= 1.0.0.
CVE-2024-56296HigJan 7, 2025
WordPress
Mangboard
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kitae Park Mang Board WP mangboard allows Reflected XSS.This issue affects Mang Board WP: from n/a through <= 1.8.4.
CVE-2024-51700HigJan 7, 2025
WordPress
Naver Analytics
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eutrue NAVER Analytics naver-analytics allows Stored XSS.This issue affects NAVER Analytics: from n/a through <= 0.9.
CVE-2024-49633HigJan 7, 2025
Designinvento
Directorypress
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress directorypress allows Reflected XSS.This issue affects DirectoryPress: from n/a through <= 3.6.19.
CVE-2024-12633HigJan 7, 2025
WordPress
Joomsport Sports League Results Management
risk 0.46cvss 7.1epss 0.01
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page parameter in all versions up to, and including, 5.6.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVE-2024-56014HigJan 2, 2025
WordPress
Olivia
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Markyis Cool Olivia allows Reflected XSS.This issue affects Olivia: from n/a through 0.9.5.