CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21551

21551 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2024-13462 | WP Wiki Tooltip <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP Wiki Tooltip | 6.4 | Medium | 2025-02-19 |
| CVE-2024-11335 | UltraEmbed – Advanced Iframe Plugin For WordPress with Gutenberg Block Included <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — UltraEmbed – Advanced Iframe Plugin For WordPress with Gutenberg Block Included | 6.4 | Medium | 2025-02-19 |
| CVE-2024-12069 | Lexicata <= 1.0.16 - Reflected Cross-Site Scripting — Lexicata | 6.1 | Medium | 2025-02-19 |
| CVE-2024-13660 | Responsive Flickr Slideshow <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Responsive Flickr Slideshow | 6.4 | Medium | 2025-02-19 |
| CVE-2024-13674 | Cosmic Blocks (40+) Content Editor Blocks Collection <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Cosmic Blocks (40+) Content Editor Blocks Collection | 6.4 | Medium | 2025-02-19 |
| CVE-2024-13711 | Pollin <= 1.01.1 - Reflected Cross-Site Scripting — Pollin | 6.1 | Medium | 2025-02-19 |
| CVE-2024-12522 | Yay! Forms \| Embed Custom Forms, Surveys, and Quizzes Easily <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Yay! Forms | 6.4 | Medium | 2025-02-19 |
| CVE-2024-13390 | ADFO – Custom data in admin dashboard <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — ADFO – Custom data in admin dashboard | 6.4 | Medium | 2025-02-19 |
| CVE-2024-13589 | YouTube Playlists with Schema <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — YouTube Playlists with Schema | 6.4 | Medium | 2025-02-19 |
| CVE-2024-13663 | Coaching Staffs <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Coaching Staffs | 6.4 | Medium | 2025-02-19 |
| CVE-2025-24841 | Six Apart Movable Type cross-site scripting vulnerability — Movable Type (8.4.x series) | 5.4 | - | 2025-02-19 |
| CVE-2025-25054 | Six Apart Movable Type cross-site scripting vulnerability — Movable Type (8.4.x series) | 6.1 | - | 2025-02-19 |
| CVE-2025-22888 | Six Apart Movable Type cross-site scripting vulnerability — Movable Type (8.4.x series) | 5.4 | - | 2025-02-19 |
| CVE-2025-1065 | Visualizer: Tables and Charts Manager for WordPress <= 3.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Import Data From File — Visualizer: Tables and Charts Manager for WordPress | 6.4 | Medium | 2025-02-19 |
| CVE-2024-13799 | User Private Files – File Upload & Download Manager with Secure File Sharing <= 2.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting — File Sharing & Download Manager – User Private Files | 6.4 | Medium | 2025-02-19 |
| CVE-2025-22622 | Age Verification - Reflected cross-site scripting (XSS) — Age Verification | 4.3 | Medium | 2025-02-19 |
| CVE-2024-13443 | Easypromos Plugin <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Easypromos Plugin | 6.4 | Medium | 2025-02-19 |
| CVE-2024-11582 | Subscribe2 – Form, Email Subscribers & Newsletters <= 10.43 - Unauthenticated Stored Cross-Site Scripting via IP Parameter — Subscribe2 – Form, Email Subscribers & Newsletters | 7.2 | High | 2025-02-19 |
| CVE-2024-13508 | Booking Package <= 1.6.72 - Reflected Cross-Site Scripting via Locale Parameter — Booking Package | 6.1 | Medium | 2025-02-18 |
| CVE-2024-13743 | Wonder Video Embed <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Wonder Video Embed | 6.4 | Medium | 2025-02-18 |
| CVE-2025-22650 | WordPress Smartarget.online Integration plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability — Smartarget | 6.5 | Medium | 2025-02-18 |
| CVE-2025-27016 | WordPress Drivr Lite – Google Drive Plugin plugin <= 1.0.1 - Stored Cross Site Scripting (XSS) vulnerability — Drivr Lite – Google Drive Plugin | 6.5 | Medium | 2025-02-18 |
| CVE-2025-0817 | FormCraft - Premium WordPress Form Builder <= 3.9.11 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload — FormCraft | 7.2 | High | 2025-02-18 |
| CVE-2024-13667 | Uncode <= 2.9.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via mle-description — Uncode | 5.4 | Medium | 2025-02-18 |
| CVE-2025-0521 | Post SMTP <= 3.0.2 - Unauthenticated Stored Cross-Site Scripting — Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | 7.2 | High | 2025-02-18 |
| CVE-2024-13395 | Threepress <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Threepress | 6.4 | Medium | 2025-02-18 |
| CVE-2025-0864 | Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.6 - Reflected Cross-Site Scripting — Active Products Tables for WooCommerce. Use constructor to create tables | 6.1 | Medium | 2025-02-18 |
| CVE-2024-13575 | Web Stories Enhancer – Level Up Your Web Stories <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Web Stories Enhancer – Level Up Your Web Stories | 6.4 | Medium | 2025-02-18 |
| CVE-2024-13465 | aBlocks – WordPress Gutenberg Blocks <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — aBlocks – Gutenberg Blocks, User Dashboard Builder, Popup Builder, Form Builder & Animation Builder | 6.4 | Medium | 2025-02-18 |
| CVE-2024-11895 | Online Payments – Get Paid with PayPal, Square & Stripe <= 3.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Online Payments – Get Paid with PayPal, Square & Stripe | 6.4 | Medium | 2025-02-18 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21551 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.