CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21534

21534 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-40675	Reflected Cross-Site Scripting (XSS) in Bagisto — Bagisto	6.1^AI	Medium^AI	2025-06-09
CVE-2025-5528	Social Sharing Plugin – Sassy Social Share <= 3.3.75 - Reflected Cross-Site Scripting via 'heateor_mastodon_share' Parameter — Social Sharing Plugin – Sassy Social Share	6.1	Medium	2025-06-07
CVE-2025-5568	WpEvently <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — Event Booking Manager for WooCommerce	6.4	Medium	2025-06-07
CVE-2024-9993	Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 6.1.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Event Calendar Widget — Essential Addons for Elementor – Popular Elementor Templates & Widgets	6.4	Medium	2025-06-07
CVE-2024-9994	Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 6.1.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Pricing Table Widget — Essential Addons for Elementor – Popular Elementor Templates & Widgets	6.4	Medium	2025-06-07
CVE-2025-5303	LTL Freight Quotes – Freightview Edition <= 1.0.11, LTL Freight Quotes – Daylight Edition <=2.2.6 and LTL Freight Quotes – Day & Ross Edition <= 2.1.10 - Unauthenticated Stored Cross-Site Scripting via `expiry_date` Parameter — LTL Freight Quotes – Freightview Edition	7.2	High	2025-06-07
CVE-2025-5797	code-projects Laundry System insert_type.php cross site scripting — Laundry System	3.5	Low	2025-06-06
CVE-2025-5796	code-projects Laundry System edit_type.php cross site scripting — Laundry System	3.5	Low	2025-06-06
CVE-2024-50406	License Center — License Center	5.4^AI	Medium^AI	2025-06-06
CVE-2025-49427	WordPress Abbie Expander plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability — Abbie Expander	6.5	Medium	2025-06-06
CVE-2025-49429	WordPress Video Embeds plugin <= 0.1.1 - Cross Site Scripting (XSS) Vulnerability — Video Embeds	6.5	Medium	2025-06-06
CVE-2025-49442	WordPress Simple Nested Menu plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability — Simple Nested Menu	6.5	Medium	2025-06-06
CVE-2025-49443	WordPress Bacon Ipsum plugin <= 2.4 - Cross Site Scripting (XSS) Vulnerability — Bacon Ipsum	6.5	Medium	2025-06-06
CVE-2025-49450	WordPress SEPA Girocode plugin <= 0.5.1 - Cross Site Scripting (XSS) Vulnerability — SEPA Girocode	6.5	Medium	2025-06-06
CVE-2023-26000	WordPress Bang tinh vay <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability — Bang tinh vay	5.9	Medium	2025-06-06
CVE-2023-26001	WordPress Next Event Calendar <= 1.2 - Cross Site Scripting (XSS) Vulnerability — Next Event Calendar	5.9	Medium	2025-06-06
CVE-2025-27334	WordPress Simple Google Static Map plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability — Simple Google Static Map	6.5	Medium	2025-06-06
CVE-2025-28989	WordPress Read More Login plugin <= 2.0.3 - Cross Site Scripting (XSS) Vulnerability — Read More Login	5.9	Medium	2025-06-06
CVE-2025-29003	WordPress The Holiday Calendar plugin <= 1.18.2.1 - Cross Site Scripting (XSS) Vulnerability — The Holiday Calendar	6.5	Medium	2025-06-06
CVE-2025-29011	WordPress YouTube Simple Gallery plugin <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability — YouTube Simple Gallery	6.5	Medium	2025-06-06
CVE-2025-30627	WordPress Elegant Visitor Counter plugin <= 3.1 - Cross Site Scripting (XSS) Vulnerability — Elegant Visitor Counter	5.9	Medium	2025-06-06
CVE-2025-30625	WordPress AppBanners plugin <= 1.5.14 - Cross Site Scripting (XSS) Vulnerability — AppBanners	5.9	Medium	2025-06-06
CVE-2025-30630	WordPress Global Translator plugin <= 2.0.2 - Cross Site Scripting (XSS) Vulnerability — Global Translator	5.9	Medium	2025-06-06
CVE-2025-30634	WordPress WP Featured Content Slider plugin <= 2.6 - Cross Site Scripting (XSS) Vulnerability — WP Featured Content Slider	5.9	Medium	2025-06-06
CVE-2025-30637	WordPress Booking Ultra Pro plugin <= 1.1.20 - Cross Site Scripting (XSS) Vulnerability — Booking Ultra Pro	5.9	Medium	2025-06-06
CVE-2025-30638	WordPress Powie's Uptime Robot plugin <= 0.9.7 - Cross Site Scripting (XSS) Vulnerability — Powie's Uptime Robot	5.9	Medium	2025-06-06
CVE-2025-30928	WordPress WP Biographia plugin <= 4.0.0 - Cross Site Scripting (XSS) Vulnerability — WP Biographia	5.9	Medium	2025-06-06
CVE-2025-30931	WordPress «Подсказки» от DaData.ru plugin <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability — «Подсказки» от DaData.ru	5.9	Medium	2025-06-06
CVE-2025-30930	WordPress ACF: Yandex Maps Field plugin <= 1.1 - Cross Site Scripting (XSS) Vulnerability — ACF: Yandex Maps Field	5.9	Medium	2025-06-06
CVE-2025-30935	WordPress Contact Form plugin <= 2.0.12 - Cross Site Scripting (XSS) Vulnerability — Contact Form	6.5	Medium	2025-06-06

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21534 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21534