Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21536

21536 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-1512 PowerPack Elementor Addons (Free Widgets, Extensions and Templates) <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) 6.4 Medium2025-04-01
CVE-2025-1267 Groundhogg <= 3.7.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via label Parameter — Groundhogg — CRM, Newsletters, and Marketing Automation 5.5 Medium2025-04-01
CVE-2024-12189 WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder 6.4 Medium2025-04-01
CVE-2024-12278 Booster for WooCommerce <= 7.2.4 - Unauthenticated Stored Cross-Site Scripting — Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools 7.2 High2025-04-01
CVE-2025-31409 WordPress Bridge Core plugin < 3.3.1 - Cross Site Scripting (XSS) vulnerability — Bridge Core 6.5 Medium2025-04-01
CVE-2025-30917 WordPress SKU Generator for WooCommerce plugin <= 1.6.2 - Reflected Cross Site Scripting (XSS) Vulnerability — SKU Generator for WooCommerce 7.1 High2025-04-01
CVE-2025-30924 WordPress Primer MyData for Woocommerce plugin < 4.2.4 - Reflected Cross Site Scripting (XSS) vulnerability — Primer MyData for Woocommerce 7.1 High2025-04-01
CVE-2025-30902 WordPress AEC Kiosque plugin <= 1.9.3 - Reflected Cross Site Scripting (XSS) vulnerability — AEC Kiosque 7.1 High2025-04-01
CVE-2025-30869 WordPress Image Wall plugin <= 3.0 - Cross Site Scripting (XSS) Vulnerability — Image Wall 7.1 High2025-04-01
CVE-2025-30840 WordPress xili-dictionary plugin <= 2.12.5 - Reflected Cross Site Scripting (XSS) vulnerability — xili-dictionary 7.1 High2025-04-01
CVE-2025-30837 WordPress WooCommerce Fattureincloud plugin <= 2.6.7 - Cross Site Scripting (XSS) vulnerability — WooCommerce Fattureincloud 7.1 High2025-04-01
CVE-2025-30827 WordPress WP2LEADS plugin <= 3.4.5 - Reflected Cross Site Scripting (XSS) vulnerability — WP2LEADS 7.1 High2025-04-01
CVE-2025-30848 WordPress Hostel plugin <= 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability — Hostel 7.1 High2025-04-01
CVE-2025-30808 WordPress About Author plugin <= 1.6.2 - Reflected Cross Site Scripting (XSS) vulnerability — About Author 7.1 High2025-04-01
CVE-2025-30796 WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.14 - Cross Site Scripting (XSS) vulnerability — The Ultimate WordPress Toolkit – WP Extended 7.1 High2025-04-01
CVE-2025-30794 WordPress Event Tickets plugin <= 5.20.0 - Reflected Cross Site Scripting (XSS) vulnerability — Event Tickets 7.1 High2025-04-01
CVE-2025-30798 WordPress Better WishList API plugin <= 1.1.4 - Cross Site Scripting (XSS) Vulnerability — Better WishList API 7.1 High2025-04-01
CVE-2025-30613 WordPress Nmedia MailChimp plugin <= 5.4 - Cross Site Scripting (XSS) Vulnerability — Nmedia MailChimp 6.5 Medium2025-04-01
CVE-2025-30614 WordPress Google Font Fix plugin <= 2.3.1 - Reflected Cross Site Scripting (XSS) vulnerability — Google Font Fix 7.1 High2025-04-01
CVE-2025-30607 WordPress Quick Localization plugin <= 0.1.0 - Reflected Cross Site Scripting (XSS) vulnerability — Quick Localization 7.1 High2025-04-01
CVE-2025-30579 WordPress Pesapal Gateway for Woocommerce plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability — Pesapal Gateway for Woocommerce 7.1 High2025-04-01
CVE-2025-30563 WordPress Tidekey plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability — Tidekey 7.1 High2025-04-01
CVE-2025-30547 WordPress WP Cards plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability — WP Cards 7.1 High2025-04-01
CVE-2025-30559 WordPress Kento WordPress Stats plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability — Kento WordPress Stats 7.1 High2025-04-01
CVE-2025-30520 WordPress Breezing Forms plugin <= 1.2.8.11 - Reflected Cross Site Scripting (XSS) vulnerability — Breezing Forms 7.1 High2025-04-01
CVE-2025-30548 WordPress Advanced Post Search plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability — Advanced Post Search 7.1 High2025-04-01
CVE-2025-30544 WordPress OK Poster Group plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability — OK Poster Group 7.1 High2025-04-01
CVE-2025-1665 Avada Builder <= 3.11.14 - Authenticated (Contributor+) Stored Cross-Site Scripting — Avada (Fusion) Builder 6.4 Medium2025-04-01
CVE-2025-3036 yzk2356911358 StudentServlet-JSP Student Management cross site scripting — StudentServlet-JSP 2.4 Low2025-03-31
CVE-2025-31697 Formatter Suite - Moderately critical - Cross site scripting - SA-CONTRIB-2025-026 — Formatter Suite 6.1 -2025-03-31

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21536 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.