Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21499

21499 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2026-3003 Vagaro Booking Widget <= 0.3 - Unauthenticated Stored Cross-Site Scripting via 'vagaro_code' — Vagaro Booking Widget 7.2 High2026-03-21
CVE-2026-3996 WP Games Embed <= 0.1beta - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — WP Games Embed 6.4 Medium2026-03-21
CVE-2026-1806 Tour & Activity Operator Plugin for TourCMS <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Tour & Activity Operator Plugin for TourCMS 6.4 Medium2026-03-21
CVE-2026-1899 Any Post Slider <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'post_type' Shortcode Attribute — Any Post Slider 6.4 Medium2026-03-21
CVE-2026-1247 Survey <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings — Survey 4.4 Medium2026-03-21
CVE-2026-1886 Go Night Pro | WordPress Dark Mode Plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'margin' Shortcode Attribute — Go Night Pro | WordPress Dark Mode Plugin 6.4 Medium2026-03-21
CVE-2026-1891 Simple Football Scoreboard <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Simple Football Scoreboard 6.4 Medium2026-03-21
CVE-2025-13910 WP-WebAuthn <= 1.3.4 - Unauthenticated Stored Cross-Site Scripting — WP-WebAuthn 6.1 Medium2026-03-21
CVE-2026-2496 Ed's Font Awesome <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Ed's Font Awesome 6.4 Medium2026-03-21
CVE-2026-4069 Alfie – Feed Plugin <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'naam' Parameter — Alfie – Feed Plugin 6.1 Medium2026-03-21
CVE-2026-2424 Reward Video Ad for WordPress <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Admin Settings — Reward Video Ad for WordPress 4.4 Medium2026-03-21
CVE-2026-4084 fyyd podcast shortcodes <= 0.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute — fyyd podcast shortcodes 6.4 Medium2026-03-21
CVE-2026-1093 WPFAQBlock– FAQ & Accordion Plugin For Gutenberg <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute — WPFAQBlock– FAQ & Accordion Plugin For Gutenberg 6.4 Medium2026-03-21
CVE-2026-2277 rexCrawler <= 1.0.15 - Reflected Cross-Site Scripting via 'url' and 'regex' Parameters — rexCrawler 6.1 Medium2026-03-21
CVE-2026-4067 Ad Short <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'client' Shortcode Attribute — Ad Short 6.4 Medium2026-03-21
CVE-2026-1851 iVysilani Shortcode <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'width' Shortcode Attribute — iVysilani Shortcode 6.4 Medium2026-03-21
CVE-2026-1889 Outgrow <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'outgrow' Shortcode 'id' Attribute — Outgrow 6.4 Medium2026-03-21
CVE-2026-4077 Ecover Builder For Dummies <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute — Ecover Builder For Dummies 6.4 Medium2026-03-21
CVE-2026-1854 Post Flagger <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'slug' Shortcode Attribute — Post Flagger 6.4 Medium2026-03-21
CVE-2026-1822 WP NG Weather <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — WP NG Weather 6.4 Medium2026-03-21
CVE-2026-4086 WP Random Button <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'cat' Shortcode Attribute — WP Random Button 6.4 Medium2026-03-21
CVE-2026-2440 SurveyJS: Drag & Drop Form Builder <= 2.5.3 - Unauthenticated Stored Cross-Site Scripting — SurveyJS: Drag & Drop Form Builder 7.2 High2026-03-21
CVE-2026-3350 Image Alt Text Manager <= 1.8.2 - Authenticated (Author+) Stored Cross-Site Scripting via Post Title — Image Alt Text Manager – Bulk & Dynamic Alt Tags For image SEO Optimization + AI 6.4 Medium2026-03-20
CVE-2026-2430 Autoptimize <= 3.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lazy-loaded Image Attributes — Autoptimize 6.4 Medium2026-03-20
CVE-2026-3516 Contact List <= 3.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via '_cl_map_iframe' Parameter — Contact List – Online Staff Directory & Address Book 6.4 Medium2026-03-20
CVE-2026-3572 iTracker360 <= 2.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'itracker_license' Settings Field — iTracker360 6.1 Medium2026-03-20
CVE-2026-2352 Autoptimize <= 3.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ao_post_preload' Meta Value — Autoptimize 6.4 Medium2026-03-20
CVE-2026-3368 Injection Guard <= 1.2.9 - Unauthenticated Stored Cross-Site Scripting via Query Parameter Name — Injection Guard 7.2 High2026-03-20
CVE-2026-3577 Keep Backup Daily <= 2.1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Backup Title — Keep Backup Daily 4.4 Medium2026-03-20
CVE-2026-4083 Scoreboard for HTML5 Games Lite <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Scoreboard for HTML5 Games Lite 6.4 Medium2026-03-20

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21499 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.