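CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21527

21527 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.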

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-12651 | Live Photos on WordPress <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Live Photos on WordPress | 6.4 | Medium | 2025-11-11 |
| CVE-2025-12019 | Featured Image <= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting — Featured Image | 4.4 | Medium | 2025-11-11 |
| CVE-2025-12662 | Coon Google Maps <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Coon Google Maps | 6.4 | Medium | 2025-11-11 |
| CVE-2025-11129 | Include fussball.de Widgets <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'api' and 'type' — Include Fussball.de Widgets | 6.4 | Medium | 2025-11-11 |
| CVE-2025-12663 | Jeba Cute forkit <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Jeba Cute forkit | 6.4 | Medium | 2025-11-11 |
| CVE-2025-11882 | Simple Donate <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Simple Donate | 6.4 | Medium | 2025-11-11 |
| CVE-2025-12668 | WP Count Down Timer <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP Count Down Timer | 6.4 | Medium | 2025-11-11 |
| CVE-2025-11821 | Woocommerce – Products By Custom Tax <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Woocommerce – Products By Custom Tax | 6.4 | Medium | 2025-11-11 |
| CVE-2025-11860 | Twitter Feed <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Twitter Feed | 6.4 | Medium | 2025-11-11 |
| CVE-2025-12658 | Preload Current Images <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Preload Current Images | 6.4 | Medium | 2025-11-11 |
| CVE-2025-11859 | Paypal Donation Shortcode <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Paypal Donation Shortcode | 6.4 | Medium | 2025-11-11 |
| CVE-2025-12631 | Squirrels Auto Inventory <= 1.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting — Squirrels Auto Inventory | 4.4 | Medium | 2025-11-11 |
| CVE-2025-12671 | WP-Iconics <= 0.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP-Iconics | 6.4 | Medium | 2025-11-11 |
| CVE-2025-11869 | Precise Columns <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Precise Columns | 6.4 | Medium | 2025-11-11 |
| CVE-2025-11828 | Magazine Companion <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Post Blocks & Tools | 6.4 | Medium | 2025-11-11 |
| CVE-2025-12711 | Share to Google Classroom <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via share_to_google Shortcode — Share to Google Classroom | 6.4 | Medium | 2025-11-11 |
| CVE-2025-11856 | Eventbee Ticketing Widget <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Eventbee Ticketing Widget | 6.4 | Medium | 2025-11-11 |
| CVE-2025-12021 | WP-OAuth <= 0.4.1 - Reflected Cross-Site Scripting — WP-OAuth | 6.1 | Medium | 2025-11-11 |
| CVE-2025-12020 | Double the Donation <= 3.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting — Double the Donation – A workplace giving tool | 4.9 | Medium | 2025-11-11 |
| CVE-2025-12672 | Flickr Show <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — Flickr Show | 6.4 | Medium | 2025-11-11 |
| CVE-2025-12754 | Geopost <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Geopost | 6.4 | Medium | 2025-11-11 |
| CVE-2025-12644 | Nonaki – Drag and Drop Email Template builder and Newsletter plugin for WordPress <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields — Nonaki – Drag and Drop Email Template builder and Newsletter plugin for WordPress | 6.4 | Medium | 2025-11-11 |
| CVE-2025-11805 | Skip to Timestamp <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Skip to Timestamp | 6.4 | Medium | 2025-11-11 |
| CVE-2025-12632 | RandomQuotr <= 1.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting — RandomQuotr | 5.5 | Medium | 2025-11-11 |
| CVE-2025-12538 | Fleet Manager <= 2.5.1 - Authenticated (Editor+) Stored Cross-Site Scripting — Fleet Manager | 4.4 | Medium | 2025-11-11 |
| CVE-2025-12880 | Progress Bar Blocks for Gutenberg <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG — Progress Bar Blocks for Gutenberg | 5.4 | Medium | 2025-11-11 |
| CVE-2025-11863 | My Geo Posts Free <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — My Geo Posts Free | 6.4 | Medium | 2025-11-11 |
| CVE-2025-11829 | Five9 Live Chat <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — Five9 Live Chat | 6.4 | Medium | 2025-11-11 |
| CVE-2025-12652 | Ungapped Widgets <= 1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Ungapped Widgets | 6.4 | Medium | 2025-11-11 |
| CVE-2025-11873 | WP BBCode <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP BBCode | 6.4 | Medium | 2025-11-11 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) account for 21527 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.