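CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21546

21546 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.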

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-23714 | WordPress AppReview plugin <= 0.2.9 - Reflected Cross Site Scripting (XSS) vulnerability — AppReview | 7.1 | High | 2025-03-26 |
| CVE-2025-23666 | WordPress Management-screen-droptiles plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability — Management-screen-droptiles | 7.1 | High | 2025-03-26 |
| CVE-2025-23728 | WordPress AuMenu plugin <= 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability — AuMenu | 7.1 | High | 2025-03-26 |
| CVE-2025-23680 | WordPress Narnoo Operator plugin <= 2.0.0 - Reflected Cross Site Scripting (XSS) vulnerability — Narnoo Operator | 7.1 | High | 2025-03-26 |
| CVE-2025-23704 | WordPress Your Lightbox plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability — Your Lightbox | 7.1 | High | 2025-03-26 |
| CVE-2025-23546 | WordPress RDP inGroups+ plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability — RDP inGroups+ | 7.1 | High | 2025-03-26 |
| CVE-2025-23638 | WordPress Frontend Post Submission plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability — Frontend Post Submission | 7.1 | High | 2025-03-26 |
| CVE-2025-23612 | WordPress Pixobe Cartography plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability — Pixobe Cartography | 7.1 | High | 2025-03-26 |
| CVE-2025-23632 | WordPress CG Button plugin <= 1.0.5.6 - Reflected Cross Site Scripting (XSS) vulnerability — CG Button | 7.1 | High | 2025-03-26 |
| CVE-2025-23633 | WordPress WP Database Audit plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability — WP Database Audit | 7.1 | High | 2025-03-26 |
| CVE-2025-23543 | WordPress FOMO Pay Chinese Payment Solution plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability — FOMO Pay Chinese Payment Solution | 7.1 | High | 2025-03-26 |
| CVE-2025-23466 | WordPress Site Editor Google Map plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability — Site Editor Google Map | 7.1 | High | 2025-03-26 |
| CVE-2025-23460 | WordPress RWS Enquiry And Lead Follow-up plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability — RWS Enquiry And Lead Follow-up | 7.1 | High | 2025-03-26 |
| CVE-2025-23542 | WordPress RDP Linkedin Login plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability — RDP Linkedin Login | 7.1 | High | 2025-03-26 |
| CVE-2025-22283 | WordPress GetSocial Plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability — GetSocial | 7.1 | High | 2025-03-26 |
| CVE-2025-23459 | WordPress NS Simple Intro Loader plugin <= 2.2.3 - Reflected Cross Site Scripting (XSS) vulnerability — NS Simple Intro Loader | 7.1 | High | 2025-03-26 |
| CVE-2025-27404 | Icinga Web 2 DOM-based XSS vulnerability — icingaweb2 | 7.7 | High | 2025-03-26 |
| CVE-2025-1312 | Ultimate Blocks – WordPress Blocks Plugin <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting — Ultimate Blocks – 25+ Gutenberg Blocks for Block Editor | 6.4 | Medium | 2025-03-26 |
| CVE-2025-1703 | Ultimate Blocks <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via content Parameter — Ultimate Blocks – 25+ Gutenberg Blocks for Block Editor | 6.4 | Medium | 2025-03-26 |
| CVE-2025-1437 | Advanced iFrame <= 2025.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — Advanced iFrame | 6.4 | Medium | 2025-03-26 |
| CVE-2025-1439 | Advanced iFrame <= 2024.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Host Header — Advanced iFrame | 6.4 | Medium | 2025-03-26 |
| CVE-2024-13702 | CRM and Lead Management by vcita <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — CRM and Lead Management by vcita | 6.4 | Medium | 2025-03-26 |
| CVE-2025-2167 | Event post <= 5.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting — Event post | 5.4 | Medium | 2025-03-26 |
| CVE-2025-2009 | Newsletters <= 4.9.9.7 - Unauthenticated Stored Cross-Site Scripting — Newsletters | 7.2 | High | 2025-03-26 |
| CVE-2025-1784 | Spectra – WordPress Gutenberg Blocks <= 2.19.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Spectra Gutenberg Blocks – Website Builder for the Block Editor | 6.4 | Medium | 2025-03-26 |
| CVE-2025-1490 | Smart Maintenance Mode <= 1.5.2 - Reflected Cross-Site Scripting via setstatus Parameter — Smart Maintenance Mode | 6.1 | Medium | 2025-03-26 |
| CVE-2025-2573 | Amazing service box Addons For WPBakery Page Builder <= 2.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — Amazing service box Addons For WPBakery Page Builder (formerly Visual Composer) | 6.4 | Medium | 2025-03-26 |
| CVE-2025-2165 | SH Email Alert <= 1.0 - Reflected Cross-Site Scripting — SH Email Alert | 6.1 | Medium | 2025-03-26 |
| CVE-2025-2576 | Ayyash Studio <= 1.0.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — Ayyash Studio — The kick-start kit | 6.4 | Medium | 2025-03-26 |
| CVE-2025-2302 | Advanced Woo Search <= 3.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via aws_search_terms Shortcode — Advanced Woo Search – Product Search for WooCommerce | 6.4 | Medium | 2025-03-25 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21546 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.