CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21529

21529 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-48092	WordPress Fix Multiple Redirects plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability — Fix Multiple Redirects	7.1	High	2025-10-22
CVE-2025-39534	WordPress Terms Dictionary Plugin <= 1.5.1 - Reflected Cross Site Scripting (XSS) vulnerability — Terms Dictionary	7.1	High	2025-10-22
CVE-2025-11825	Playerzbr <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via URL Meta Field — Playerzbr	6.4	Medium	2025-10-22
CVE-2025-11817	Simple Tableau Viz <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Simple Tableau Viz	6.4	Medium	2025-10-22
CVE-2025-11883	Responsive Progress Bar <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Responsive Progress Bar	6.4	Medium	2025-10-22
CVE-2025-11867	Bg Book Publisher <= 1.25 - Authenticated (Contributor+) Stored Cross-Site Scripting — Bg Book Publisher	6.4	Medium	2025-10-22
CVE-2025-11870	Simple Business Data <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Simple Business Data	6.4	Medium	2025-10-22
CVE-2025-11819	WP-Thumbnail <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — WP-Thumbnail	6.4	Medium	2025-10-22
CVE-2025-11824	Cinza Grid <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Skin Content Field — Cinza Grid	6.4	Medium	2025-10-22
CVE-2025-11866	Photographers galleries <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting — Photographers galleries	6.4	Medium	2025-10-22
CVE-2025-11880	SM CountDown Widget <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — SM CountDown Widget	6.4	Medium	2025-10-22
CVE-2025-11830	WP Restaurant Listings <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP Restaurant Listings	6.4	Medium	2025-10-22
CVE-2025-11813	Responsive iframe GoogleMap <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Responsive iframe GoogleMap	6.4	Medium	2025-10-22
CVE-2025-11810	Print Button Shortcode <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Name: Print Button Shortcode	6.4	Medium	2025-10-22
CVE-2025-11811	Simple Youtube Shortcode <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Simple Youtube Shortcode	6.4	Medium	2025-10-22
CVE-2025-11807	Mixlr Shortcode <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Mixlr Shortcode	6.4	Medium	2025-10-22
CVE-2025-11818	WP Responsive Meet The Team <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — WP Responsive Meet The Team	6.4	Medium	2025-10-22
CVE-2025-11827	Oboxmedia Ads <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting — Oboxmedia Ads	6.4	Medium	2025-10-22
CVE-2025-11878	ST Categories Widget <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — ST Categories Widget	6.4	Medium	2025-10-22
CVE-2025-10138	This-or-That by André Boekhorst <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — This-or-That	6.4	Medium	2025-10-22
CVE-2025-11809	WP-Force Images Download <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — WP-Force Images Download	6.4	Medium	2025-10-22
CVE-2025-11872	Material Design Iconic Font Integration <= 2 - Authenticated (Contributor+) Stored Cross-Site Scripting — Material Design Iconic Font Integration	6.4	Medium	2025-10-22
CVE-2025-11804	JB News Ticker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — JB News Ticker	6.4	Medium	2025-10-22
CVE-2025-11834	WP AD Gallery <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP AD Gallery	6.4	Medium	2025-10-22
CVE-2025-11952	Stored Cross-Site Scripting (XSS) in Oct8ne Chatbot — Chatbot	5.4^AI	Medium^AI	2025-10-22
CVE-2025-12033	Simple Banner <= 3.0.10 - Authenticated (Admin+) Stored Cross-Site Scripting — Simple Banner – Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website	4.4	Medium	2025-10-22
CVE-2025-10651	Welcart e-Commerce <= 2.11.22 - Authenticated (Editor+) Stored Cross-Site Scripting via order_mail — Welcart e-Commerce	5.5	Medium	2025-10-22
CVE-2025-62249	Liferay Portal和Liferay DXP 跨站脚本漏洞 — Portal	6.1^AI	Medium^AI	2025-10-21
CVE-2025-62598	WeGIA Vulnerable to Reflected Cross-Site Scripting via Endpoint 'pessoa/editar_info_pessoal.php' Parameter 'action' — WeGIA	6.1^AI	Medium^AI	2025-10-21
CVE-2025-62597	WeGIA Vulnerable to Reflected Cross-Site Scripting via Endpoint 'pessoa/editar_info_pessoal.php' Parameter 'sql' — WeGIA	6.1^AI	Medium^AI	2025-10-21

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21529 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21529