CWE-79 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (46893 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-24729	1 Elementinvader	1 Elementinvader Addons For Elementor	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Stored XSS.This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.3.3.
CVE-2025-24727	1 Codepeople	1 Contact Form Email	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Contact Form Email contact-form-to-email allows Stored XSS.This issue affects Contact Form Email: from n/a through <= 1.3.52.
CVE-2025-24726			2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Contact Form 7 ht-contactform allows Stored XSS.This issue affects HT Contact Form 7: from n/a through <= 1.2.1.
CVE-2025-24723	2 Codepeople, Wordpress	2 Booking Calendar Contact Form, Wordpress	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Booking Calendar Contact Form booking-calendar-contact-form allows Stored XSS.This issue affects Booking Calendar Contact Form: from n/a through <= 1.2.55.
CVE-2025-24722			2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro FAQ Builder AYS faq-builder-ays allows Stored XSS.This issue affects FAQ Builder AYS: from n/a through <= 1.7.3.
CVE-2025-24721			2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Urošević Easy YouTube Gallery easy-youtube-gallery allows Stored XSS.This issue affects Easy YouTube Gallery: from n/a through <= 1.0.4.
CVE-2025-24719			2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Widget Countdown widget-countdown allows Stored XSS.This issue affects Widget Countdown: from n/a through <= 2.7.1.
CVE-2025-24718	2 Swit, Wordpress	2 Wp Sessions Time Monitoring Full Automatic, Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows Reflected XSS.This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through <= 1.1.1.
CVE-2025-24710			2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcel Pol Gwolle Guestbook gwolle-gb allows Reflected XSS.This issue affects Gwolle Guestbook: from n/a through <= 4.7.1.
CVE-2025-24709			2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plethora Plugins Plethora Plugins Tabs + Accordions plethora-tabs-accordions allows Stored XSS.This issue affects Plethora Plugins Tabs + Accordions: from n/a through <= 1.1.5.
CVE-2025-24708			2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-dynamics-crm allows Reflected XSS.This issue affects WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms: from n/a through <= 1.1.6.
CVE-2025-24707			2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gt3themes Photo Gallery gt3-photo-video-gallery allows Reflected XSS.This issue affects Photo Gallery: from n/a through <= 2.7.7.24.
CVE-2025-24706	2 Multivendorx, Wordpress	2 Wc Marketplace, Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Stored XSS.This issue affects MultiVendorX: from n/a through <= 4.2.13.
CVE-2025-24704	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in grimdonkey Magic the Gathering Card Tooltips magic-the-gathering-card-tooltips allows Stored XSS.This issue affects Magic the Gathering Card Tooltips: from n/a through <= 3.4.0.
CVE-2025-24702	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xagio SEO Xagio SEO xagio-seo allows Stored XSS.This issue affects Xagio SEO: from n/a through <= 7.0.0.20.
CVE-2025-24700	1 Xylusthemes	1 Wp Event Aggregator	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WP Event Aggregator wp-event-aggregator allows Reflected XSS.This issue affects WP Event Aggregator: from n/a through <= 1.8.2.
CVE-2025-24694			2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Pop-Up banners cm-pop-up-banners allows Reflected XSS.This issue affects CM Pop-Up banners: from n/a through <= 1.7.6.
CVE-2025-24688			2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster wp-mailster allows Reflected XSS.This issue affects WP Mailster: from n/a through <= 1.8.20.0.
CVE-2025-24687	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lars Wallenborn Show/Hide Shortcode showhide-shortcode allows Stored XSS.This issue affects Show/Hide Shortcode: from n/a through <= 1.0.0.
CVE-2025-24686	1 Metagauss	1 Registrationmagic	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Reflected XSS.This issue affects RegistrationMagic: from n/a through <= 6.0.3.3.

« first previous Page 236 of 2345. next last »