CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21535

21535 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-31636	WordPress WP Post Modules for Elementor plugin <= 2.5.0 - Reflected Cross Site Scripting (XSS) vulnerability — WP Post Modules for Elementor	7.1	High	2025-05-23
CVE-2025-32285	WordPress Butcher theme < 2.54 - Cross Site Scripting (XSS) vulnerability — Butcher	7.1	High	2025-05-23
CVE-2025-39502	WordPress Goodlayers Hostel Plugin <= 3.1.2 - Reflected Cross Site Scripting (XSS) vulnerability — Goodlayers Hostel	7.1	High	2025-05-23
CVE-2025-39505	WordPress Goodlayers Hotel plugin <= 3.1.4 - Reflected Cross Site Scripting (XSS) vulnerability — Goodlayers Hotel	7.1	High	2025-05-23
CVE-2025-46437	WordPress Tayori Form plugin <= 1.2.9 - Reflected Cross Site Scripting (XSS) vulnerability — Tayori Form	7.1	High	2025-05-23
CVE-2025-46440	WordPress kStats Reloaded plugin <= 0.7.4 - Reflected Cross Site Scripting (XSS) vulnerability — kStats Reloaded	7.1	High	2025-05-23
CVE-2025-46448	WordPress Document Management System plugin <= 1.24 - Cross Site Scripting (XSS) Vulnerability — Document Management System	7.1	High	2025-05-23
CVE-2025-46446	WordPress Libro de Reclamaciones plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability — Libro de Reclamaciones	7.1	High	2025-05-23
CVE-2025-46456	WordPress Theme Blvd Sliders plugin <= 1.2.5 - Reflected Cross Site Scripting (XSS) vulnerability — Theme Blvd Sliders	7.1	High	2025-05-23
CVE-2025-46487	WordPress EC Authorize.net plugin <= 0.3.3 - Reflected Cross Site Scripting (XSS) vulnerability — EC Authorize.net	7.1	High	2025-05-23
CVE-2025-46493	WordPress Crossword Compiler Puzzles plugin <= 14.5 - Cross Site Scripting (XSS) vulnerability — Crossword Compiler Puzzles	6.5	Medium	2025-05-23
CVE-2025-46515	WordPress Category Widget plugin <= 2.0.2 - Reflected Cross Site Scripting (XSS) vulnerability — Category Widget	7.1	High	2025-05-23
CVE-2025-46526	WordPress My Custom Widgets plugin <= 2.0.5 - Reflected Cross Site Scripting (XSS) vulnerability — My Custom Widgets	7.1	High	2025-05-23
CVE-2025-46518	WordPress IGIT Related Posts With Thumb Image After Posts plugin <= 4.5.3 - Cross Site Scripting (XSS) Vulnerability — IGIT Related Posts With Thumb Image After Posts	6.5	Medium	2025-05-23
CVE-2025-46537	WordPress Section Widget plugin <= 3.3.1 - Reflected Cross Site Scripting (XSS) vulnerability — Section Widget	7.1	High	2025-05-23
CVE-2025-47458	WordPress B2i Investor Tools plugin <= 1.0.7.9 - Reflected Cross Site Scripting (XSS) vulnerability — B2i Investor Tools	7.1	High	2025-05-23
CVE-2025-47611	WordPress User Meta plugin <= 3.1.2 - Reflected Cross Site Scripting (XSS) vulnerability — User Meta	7.1	High	2025-05-23
CVE-2025-47613	WordPress School Management System for Wordpress plugin <= 92.0.0 - Reflected Cross Site Scripting (XSS) vulnerability — School Management	7.1	High	2025-05-23
CVE-2025-47618	WordPress BMI Adult & Kid Calculator plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability — BMI Adult & Kid Calculator	7.1	High	2025-05-23
CVE-2025-47673	WordPress Arconix Shortcodes plugin <= 2.1.16 - Reflected Cross Site Scripting (XSS) vulnerability — Arconix Shortcodes	7.1	High	2025-05-23
CVE-2025-47678	WordPress FunnelCockpit plugin <= 1.4.3 - Reflected Cross Site Scripting (XSS) vulnerability — FunnelCockpit	7.1	High	2025-05-23
CVE-2025-47680	WordPress xili-tidy-tags plugin <= 1.12.06 - Reflected Cross Site Scripting (XSS) vulnerability — xili-tidy-tags	7.1	High	2025-05-23
CVE-2025-48241	WordPress Verge3D plugin <= 4.9.3 - Reflected Cross Site Scripting (XSS) vulnerability — Verge3D	7.1	High	2025-05-23
CVE-2025-48245	WordPress Quick Contact Form plugin <= 8.2.1 - Reflected Cross Site Scripting (XSS) vulnerability — Quick Contact Form	7.1	High	2025-05-23
CVE-2025-48286	WordPress ReDi Restaurant Reservation plugin <= 24.1209 - Reflected Cross Site Scripting (XSS) vulnerability — ReDi Restaurant Reservation	7.1	High	2025-05-23
CVE-2025-1123	Solid Mail – SMTP email and logging made by SolidWP <= 2.1.5 - Unauthenticated Stored Cross-Site Scripting via Email — Solid Mail – SMTP email and logging made by SolidWP	7.2	High	2025-05-23
CVE-2025-3894	Stored XSS in MegaBIP — MegaBIP	4.8^AI	Medium^AI	2025-05-23
CVE-2025-4379	Reflected XSS in DobryCMS — DobryCMS	6.1^AI	Medium^AI	2025-05-23
CVE-2025-5096	TablePress <= 3.1.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Parameters — TablePress – Tables in WordPress made easy	6.4	Medium	2025-05-23
CVE-2025-4594	Tournamatch <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Tournamatch	6.4	Medium	2025-05-23

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21535 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21535