CWE-79 CVEs and Security Vulnerabilities

Filtered by CWE-79

Search

Switch to Advanced Search (Beta)

Total 34410 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-29443	1 Nicdark	1 Hotel Booking	2025-02-20	4.1 Medium
Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark's Hotel Booking plugin <= 3.0 at WordPress.
CVE-2022-28612	1 Custom Popup Builder Project	1 Custom Popup Builder	2025-02-20	5.4 Medium
Improper Access Control vulnerability leading to multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Muneeb's Custom Popup Builder plugin <= 1.3.1 at WordPress.
CVE-2022-29452	1 Atlasgondal	1 Export All Urls	2025-02-20	3.4 Low
Authenticated (editor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Export All URLs plugin <= 4.1 at WordPress.
CVE-2022-32280	1 Xakuro	1 Xo Slider	2025-02-20	5.4 Medium
Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Xakuro's XO Slider plugin <= 3.3.2 at WordPress.
CVE-2021-36849	1 Social Media Share Buttons Project	1 Social Media Share Buttons	2025-02-20	3.4 Low
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in René Hermenau's Social Media Share Buttons plugin <= 3.8.1 at WordPress.
CVE-2022-30536	1 Wp Maintenance Project	1 Wp Maintenance	2025-02-20	3.4 Low
Authenticated Stored Cross-Site Scripting (XSS) vulnerability in Florent Maillefaud's WP Maintenance plugin <= 6.0.7 at WordPress.
CVE-2022-33191	1 Testimonials Project	1 Testimonials	2025-02-20	4.1 Medium
Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Chinmoy Paul's Testimonials plugin <= 3.0.1 at WordPress.
CVE-2025-25973			2025-02-20	6.5 Medium
A stored Cross Site Scripting vulnerability in the "related recommendations" feature in Ppress v.0.0.9 allows a remote attacker to execute arbitrary code via a crafted script to the article.title, article.category, and article.tags parameters.
CVE-2025-25299			2025-02-20	N/A
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. During a recent internal audit, a Cross-Site Scripting (XSS) vulnerability was discovered in the CKEditor 5 real-time collaboration package. This vulnerability affects user markers, which represent users' positions within the document. It can lead to unauthorized JavaScript code execution, which might happen with a very specific editor and token endpoint configuration. This vulnerability affects only installations with Real-time collaborative editing enabled. The problem has been recognized and patched. The fix is available in version 44.2.1 (and above). Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-51335			2025-02-20	6.5 Medium
PHPJabbers Cinema Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters.
CVE-2022-34853	1 Wpwax	1 Team	2025-02-20	4.1 Medium
Multiple Authenticated (contributor or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress.
CVE-2022-34650	1 Wpwax	1 Team	2025-02-20	4.1 Medium
Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress.
CVE-2022-33943	1 Bxslider Wp Project	1 Bxslider Wp	2025-02-20	5.4 Medium
Authenticated (contributor or higher user role) Cross-Site Scripting (XSS) vulnerability in Nico Amarilla's BxSlider WP plugin <= 2.0.0 at WordPress.
CVE-2022-35882	1 Gsplugins	1 Gs Testimonial Slider	2025-02-20	4.8 Medium
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin <= 1.9.5 at WordPress.
CVE-2022-36378	1 Floating Div Project	1 Floating Div	2025-02-20	4.8 Medium
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Floating Div plugin <= 3.0 at WordPress.
CVE-2022-36343	1 Ideastocode	1 Enable Svg\, Webp \& Ico Upload	2025-02-20	3.4 Low
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress.
CVE-2021-36847	1 Webba-booking	1 Webba Booking	2025-02-20	4.8 Medium
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebbaPlugins Webba Booking plugin <= 4.2.21 at WordPress.
CVE-2021-36857	1 Wpshopmart	1 Testimonial Builder	2025-02-20	4.8 Medium
Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in wpshopmart Testimonial Builder plugin <= 1.6.1 at WordPress.
CVE-2022-34857	1 Smartypantsplugins	1 Sp Project \& Document Manager	2025-02-20	6.1 Medium
Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at WordPress
CVE-2022-34648	1 Uploading Svg\, Webp And Ico Files Project	1 Uploading Svg\, Webp And Ico Files	2025-02-20	4.8 Medium
Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.

« first previous Page 100 of 1721. next last »