Filtered by CWE-79
Total 38585 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-56028 1 Wordpress 1 Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lemonade Coding Studio Lemonade Social Networks Autoposter Pinterest allows Reflected XSS.This issue affects Lemonade Social Networks Autoposter Pinterest: from n/a through 2.0.
CVE-2025-23841 1 Wordpress 1 Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikos M. Top Flash Embed allows Stored XSS.This issue affects Top Flash Embed: from n/a through 0.3.4.
CVE-2024-30178 1 Wordpress 1 Wordpress 2025-07-12 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Patrick Posner Simply Static allows Stored XSS.This issue affects Simply Static: from n/a through 3.1.3.
CVE-2025-25136 1 Wordpress 1 Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shujahat21 Optimate Ads allows Stored XSS. This issue affects Optimate Ads: from n/a through 1.0.3.
CVE-2024-11383 1 Wordpress 1 Wordpress 2025-07-12 6.4 Medium
The CC Canadian Mortgage Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cc-mortgage-canada' shortcode in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-44044 1 Wordpress 1 Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Oshine Modules allows Reflected XSS. This issue affects Oshine Modules: from n/a through n/a.
CVE-2024-56301 1 Wordpress 1 Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eniture Technology Distance Based Shipping Calculator allows Reflected XSS.This issue affects Distance Based Shipping Calculator: from n/a through 2.0.21.
CVE-2024-11903 1 Wordpress 1 Wordpress 2025-07-12 6.4 Medium
The WP eCards plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ecard' shortcode in all versions up to, and including, 1.3.904 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-31929 1 Wordpress 1 Wordpress 2025-07-12 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Polevaultweb Intagrate Lite allows Stored XSS.This issue affects Intagrate Lite: from n/a through 1.3.7.
CVE-2024-54364 1 Wordpress 1 Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spartac Feedpress Generator allows Reflected XSS.This issue affects Feedpress Generator: from n/a through 1.2.1.
CVE-2024-53743 2 Flickdevs, Wordpress 2 Countdown Timer For Elementor, Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FlickDevs Countdown Timer for Elementor allows Stored XSS.This issue affects Countdown Timer for Elementor: from n/a through 1.3.6.
CVE-2024-51836 1 Wordpress 1 Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Teconce Wezido allows DOM-Based XSS.This issue affects Wezido: from n/a through 1.2.
CVE-2025-31811 1 Wordpress 1 Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtreeme Planyo online reservation system allows Stored XSS. This issue affects Planyo online reservation system: from n/a through 3.0.
CVE-2025-39519 1 Wordpress 1 Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rtpHarry Bulk Page Stub Creator allows Reflected XSS. This issue affects Bulk Page Stub Creator: from n/a through 1.1.
CVE-2025-30768 1 Wordpress 1 Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mlaza jAlbum Bridge allows Stored XSS. This issue affects jAlbum Bridge: from n/a through 2.0.18.
CVE-2024-12098 1 Wordpress 1 Wordpress 2025-07-12 6.1 Medium
The ARS Affiliate Page Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'utm_keyword' parameter in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVE-2024-29104 1 Wordpress 1 Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zimma Ltd. Ticket Tailor allows Stored XSS.This issue affects Ticket Tailor: from n/a through 1.10.
CVE-2025-31754 1 Wordpress 1 Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DobsonDev DobsonDev Shortcodes allows Stored XSS. This issue affects DobsonDev Shortcodes: from n/a through 2.1.12.
CVE-2025-25073 1 Wordpress 1 Wordpress 2025-07-12 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vasilis Triantafyllou Easy WP Tiles allows Stored XSS. This issue affects Easy WP Tiles: from n/a through 1.
CVE-2024-50464 2 Pierre Lebedel, Wordpress 2 Kodex Posts Likes, Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pierre Lebedel Kodex Posts likes allows Stored XSS.This issue affects Kodex Posts likes: from n/a through 2.5.0.