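CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21535

21535 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.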

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-3056 | Download Manager <= 3.3.12 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — Download Manager | 5.4 | Medium | 2025-04-18 |
| CVE-2025-3598 | Coupon Affiliates – Affiliate Plugin for WooCommerce <= 6.3.0 - Reflected Cross-Site Scripting via 'commission_summary' Parameter — Coupon Affiliates – Affiliate Plugin for WooCommerce | 6.1 | Medium | 2025-04-18 |
| CVE-2025-39469 | WordPress Modal Survey plugin <= 2.0.2.0.1 - Cross Site Scripting (XSS) vulnerability — Modal Survey | 7.1 | High | 2025-04-18 |
| CVE-2025-2613 | Login Manager – Design Login Page, View Login Activity, Limit Login Attempts <= 2.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via Custom URL — Login Manager – Design Login Page, View Login Activity, Limit Login Attempts | 4.4 | Medium | 2025-04-18 |
| CVE-2024-13650 | Piotnet Addons For Elementor <= 2.4.36 - Authenticated (Contributor+) Stored Cross-Site Scripting — Piotnet Addons For Elementor | 6.4 | Medium | 2025-04-18 |
| CVE-2025-25427 | XSS in TP-Link TL-WR841N v14/v14.6/v14.8 Upnp page — TL-WR841N v14/v14.6/v14.8 | 6.1 | - | 2025-04-18 |
| CVE-2025-3246 | Markdown math block sanitization bypass allows privilege escalation and unauthorized workflow triggers — GitHub Enterprise Server | 5.4 (AI) | Medium (AI) | 2025-04-17 |
| CVE-2025-23443 | WordPress Author Showcase plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability — Author Showcase | 7.1 | High | 2025-04-17 |
| CVE-2025-23448 | WordPress visualslider Sldier plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability — visualslider Sldier | 7.1 | High | 2025-04-17 |
| CVE-2025-23782 | WordPress TotalContest Lite Plugin <= 2.8.1 - Reflected Cross Site Scripting (XSS) vulnerability — TotalContest Lite | 7.1 | High | 2025-04-17 |
| CVE-2025-23858 | WordPress Custom Users Order Plugin <= 4.2 - Reflected Cross Site Scripting (XSS) vulnerability — Custom Users Order | 7.1 | High | 2025-04-17 |
| CVE-2025-23855 | WordPress SpiderDisplay plugin <= 1.9.1 - Reflected Cross Site Scripting (XSS) vulnerability — SpiderDisplay | 7.1 | High | 2025-04-17 |
| CVE-2025-24539 | WordPress DeBounce Email Validator plugin <= 5.6.5 - Reflected Cross Site Scripting (XSS) vulnerability — DeBounce Email Validator | 7.1 | High | 2025-04-17 |
| CVE-2025-24548 | WordPress Autoglot – Automatic WordPress Translation plugin <=2.4.7 - Reflected Cross Site Scripting (XSS) vulnerability — Autoglot – Automatic WordPress Translation | 7.1 | High | 2025-04-17 |
| CVE-2025-24550 | WordPress Job Manager plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability — Job Manager | 6.5 | Medium | 2025-04-17 |
| CVE-2025-24553 | WordPress Shipping with Venipak for WooCommerce plugin <= 1.22.3 - Reflected Cross Site Scripting (XSS) vulnerability — Shipping with Venipak for WooCommerce | 7.1 | High | 2025-04-17 |
| CVE-2025-24586 | WordPress Shipment Tracker for Woocommerce plugin <= 1.4.23 - Cross Site Scripting (XSS) vulnerability — Shipment Tracker for Woocommerce | 7.1 | High | 2025-04-17 |
| CVE-2025-24619 | WordPress WP Log Action Plugin <= 0.51 - Reflected Cross Site Scripting (XSS) vulnerability — WP Log Action | 7.1 | High | 2025-04-17 |
| CVE-2025-24621 | WordPress Arconix Shortcodes plugin <= 2.1.15 - Reflected Cross Site Scripting (XSS) vulnerability — Arconix Shortcodes | 7.1 | High | 2025-04-17 |
| CVE-2025-24624 | WordPress HT Event – WordPress Event Manager Plugin for Elementor Plugin <= 1.4.6 - Reflected Cross Site Scripting (XSS) vulnerability — HT Event | 7.1 | High | 2025-04-17 |
| CVE-2025-24637 | WordPress Beacon Lead Magnets and Lead Capture Plugin <= 1.5.7 - Reflected Cross Site Scripting (XSS) vulnerability — Beacon Lead Magnets and Lead Capture | 7.1 | High | 2025-04-17 |
| CVE-2025-24640 | WordPress Empty Tags Remover Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability — Empty Tags Remover | 7.1 | High | 2025-04-17 |
| CVE-2025-24645 | WordPress Eazy Under Construction Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability — Eazy Under Construction | 7.1 | High | 2025-04-17 |
| CVE-2025-24655 | WordPress Wishlist Plugin <= 1.0.39 - Reflected Cross Site Scripting (XSS) vulnerability — Wishlist | 7.1 | High | 2025-04-17 |
| CVE-2025-24670 | WordPress Term Taxonomy Converter Plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability — Term Taxonomy Converter | 7.1 | High | 2025-04-17 |
| CVE-2025-24745 | WordPress Classified Listing plugin <= 4.0.1 - Reflected Cross Site Scripting (XSS) vulnerability — Classified Listing | 7.1 | High | 2025-04-17 |
| CVE-2025-24752 | WordPress Essential Addons for Elementor plugin <= 6.0.14 - Reflected Cross Site Scripting (XSS) vulnerability — Essential Addons for Elementor | 7.1 | High | 2025-04-17 |
| CVE-2025-27285 | WordPress Easy Form by AYS Plugin <= 2.6.9 - Reflected Cross Site Scripting (XSS) vulnerability — Easy Form | 7.1 | High | 2025-04-17 |
| CVE-2025-27284 | WordPress Flagged Content Plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability — Flagged Content | 7.1 | High | 2025-04-17 |
| CVE-2025-27288 | WordPress File Icons Plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability — File Icons | 7.1 | High | 2025-04-17 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21535 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.