CWE-79 CVEs and Security Vulnerabilities

Filtered by CWE-79

Search

Switch to Advanced Search (Beta)

Total 43827 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-31018			2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FireDrum FireDrum Email Marketing firedrum-email-marketing allows Reflected XSS.This issue affects FireDrum Email Marketing: from n/a through <= 1.64.
CVE-2025-31017	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert Noakes Nav Menu Manager noakes-menu-manager allows Stored XSS.This issue affects Nav Menu Manager: from n/a through <= 3.2.5.
CVE-2025-31011	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReichertBrothers SimplyRETS Real Estate IDX simply-rets allows Reflected XSS.This issue affects SimplyRETS Real Estate IDX: from n/a through <= 3.2.2.
CVE-2025-31008			2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Embeds For YouTube Plugin Support YouTube Embed youtube-embed allows Stored XSS.This issue affects YouTube Embed: from n/a through <= 5.3.1.
CVE-2025-31007	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alvind Billplz Addon for Contact Form 7 billplz-for-contact-form-7 allows Reflected XSS.This issue affects Billplz Addon for Contact Form 7: from n/a through <= 1.2.0.
CVE-2025-31006			2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arete-it Activity Reactions For Buddypress activity-reactions-for-buddypress allows Reflected XSS.This issue affects Activity Reactions For Buddypress: from n/a through <= 1.0.22.
CVE-2025-30991	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada WPDM – Premium Packages wpdm-premium-packages allows Stored XSS.This issue affects WPDM – Premium Packages: from n/a through <= 6.0.6.
CVE-2025-30988			2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in _CreativeMedia_ Elite Video Player elite-video-player allows Stored XSS.This issue affects Elite Video Player: from n/a through <= 10.0.5.
CVE-2025-30987			2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Stored XSS.This issue affects JetBlocks For Elementor: from n/a through <= 1.3.16.
CVE-2025-30984			2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dzynit SEO Tools seo-automatic-seo-tools allows Reflected XSS.This issue affects SEO Tools: from n/a through <= 4.0.7.
CVE-2025-30983	2 Gopiplus, Wordpress	2 Wp Image Slideshow, Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gopiplus Card flip image slideshow card-flip-image-slideshow allows DOM-Based XSS.This issue affects Card flip image slideshow: from n/a through <= 1.5.
CVE-2025-30982	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookProgress by Stormhill Media mybookprogress allows Stored XSS.This issue affects MyBookProgress by Stormhill Media: from n/a through <= 1.0.8.
CVE-2025-30977			2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chaport Live Chat Chaport chaport allows Stored XSS.This issue affects Chaport: from n/a through <= 1.1.6.
CVE-2025-30972			2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iamapinan Woocommerce Line Notify woo-line-notify allows Stored XSS.This issue affects Woocommerce Line Notify: from n/a through <= 1.1.7.
CVE-2025-30970	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scottwallick Easy Contact easy-contact allows Reflected XSS.This issue affects Easy Contact: from n/a through <= 0.1.2.
CVE-2025-30963			2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSmartFilters jet-smart-filters allows DOM-Based XSS.This issue affects JetSmartFilters: from n/a through <= 3.6.3.
CVE-2025-30962			2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fs-code FS Poster fs-poster allows Reflected XSS.This issue affects FS Poster: from n/a through <= 6.5.8.
CVE-2025-30961			2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tinuzz Trackserver trackserver allows DOM-Based XSS.This issue affects Trackserver: from n/a through <= 5.1.0.
CVE-2025-30955	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes ListingEasy listingeasy allows Reflected XSS.This issue affects ListingEasy: from n/a through <= 1.9.2.
CVE-2025-30952	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdive Nexa Blocks nexa-blocks allows Stored XSS.This issue affects Nexa Blocks: from n/a through <= 1.1.0.

« first previous Page 87 of 2192. next last »