CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21551

21551 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-11623 | Stored XSS in authentik — authentik | 4.8 | - | 2025-02-04 |
| CVE-2024-13699 | Qi Addons For Elementor <= 1.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting — Qi Addons For Elementor | 6.4 | Medium | 2025-02-04 |
| CVE-2024-13733 | SKT Blocks – Gutenberg based Page Builder <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting — SKT Blocks – Gutenberg based Page Builder | 6.4 | Medium | 2025-02-04 |
| CVE-2024-13403 | WPForms Lite <= 1.9.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via fieldHTML Parameter — WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | 6.4 | Medium | 2025-02-04 |
| CVE-2024-12597 | HT Mega <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via block_css and inner_css — HT Mega Addons for Elementor – Elementor Widgets & Template Builder | 6.4 | Medium | 2025-02-04 |
| CVE-2025-23210 | Bypass XSS sanitizer using the javascript protocol and special characters in phpoffice/phpspreadsheet — PhpSpreadsheet | 6.1 | - | 2025-02-03 |
| CVE-2024-11132 | Eventer <= 3.9.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Eventer - WordPress Event & Booking Manager Plugin | 6.4 | Medium | 2025-02-03 |
| CVE-2025-23984 | WordPress Dynamic URL SEO plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability — Dynamic URL SEO | 7.1 | High | 2025-02-03 |
| CVE-2025-22704 | WordPress Signature plugin <= 0.1 - Reflected Cross Site Scripting (XSS) vulnerability — WordPress Signature | 7.1 | High | 2025-02-03 |
| CVE-2025-22775 | WordPress Catalog Importer, Scraper & Crawler Plugin <= 5.1.3 - Reflected Cross Site Scripting (XSS) vulnerability — Catalog Importer, Scraper & Crawler | 7.1 | High | 2025-02-03 |
| CVE-2025-22684 | WordPress WP BASE Booking plugin <= 5.0.0 - Cross Site Scripting (XSS) vulnerability — WP BASE Booking | 7.1 | High | 2025-02-03 |
| CVE-2025-22683 | WordPress NotificationX plugin <= 2.9.5 - Cross Site Scripting (XSS) vulnerability — NotificationX | 6.5 | Medium | 2025-02-03 |
| CVE-2025-22682 | WordPress Hesabfa Accounting Plugin <= 2.1.2 - Reflected Cross Site Scripting (XSS) vulnerability — Hesabfa Accounting | 7.1 | High | 2025-02-03 |
| CVE-2025-22679 | WordPress Job Board Manager Plugin <= 2.1.61 - Reflected Cross Site Scripting (XSS) vulnerability — Job Board Manager | 7.1 | High | 2025-02-03 |
| CVE-2025-22292 | WordPress Powerful Auto Chat plugin <= 1.9.8 - Cross Site Scripting (XSS) vulnerability — Powerful Auto Chat | 6.5 | Medium | 2025-02-03 |
| CVE-2025-24707 | WordPress Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery plugin <= 2.7.7.24 - Reflected Cross Site Scripting (XSS) vulnerability — Photo Gallery | 7.1 | High | 2025-02-03 |
| CVE-2025-24646 | WordPress XML for Avito Plugin <= 2.5.2 - Reflected Cross Site Scripting (XSS) vulnerability — XML for Avito | 7.1 | High | 2025-02-03 |
| CVE-2025-24660 | WordPress Simple Membership Custom Messages Plugin <= 2.4 - Reflected Cross Site Scripting (XSS) vulnerability — Simple Membership Custom Messages | 7.1 | High | 2025-02-03 |
| CVE-2025-24656 | WordPress Realtyna Provisioning Plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability — Realtyna Provisioning | 7.1 | High | 2025-02-03 |
| CVE-2025-24684 | WordPress Media Downloader Plugin <= 0.4.7.5 - Reflected Cross Site Scripting (XSS) vulnerability — Media Downloader | 7.1 | High | 2025-02-03 |
| CVE-2025-24676 | WordPress Custom WP Store Locator plugin <= 1.4.7 - Cross Site Scripting (XSS) vulnerability — Custom WP Store Locator | 7.1 | High | 2025-02-03 |
| CVE-2025-24629 | WordPress Import Excel to Gravity Forms Plugin <= 1.18 - Reflected Cross Site Scripting (XSS) vulnerability — Import Excel to Gravity Forms | 7.1 | High | 2025-02-03 |
| CVE-2025-24631 | WordPress BP Email Assign Templates Plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability — BP Email Assign Templates | 7.1 | High | 2025-02-03 |
| CVE-2025-24630 | WordPress Sikshya LMS Plugin <= 0.0.21 - Reflected Cross Site Scripting (XSS) vulnerability — Sikshya LMS | 7.1 | High | 2025-02-03 |
| CVE-2025-24620 | WordPress AIO Shortcodes plugin <= 1.3 - Stored Cross Site Scripting (XSS) vulnerability — AIO Shortcodes | 7.1 | High | 2025-02-03 |
| CVE-2025-24557 | WordPress PlainInventory plugin <= 3.1.5 - Reflected Cross Site Scripting (XSS) vulnerability — PlainInventory | 7.1 | High | 2025-02-03 |
| CVE-2025-24576 | WordPress Landing Page Cat plugin <= 1.7.7 - Reflected Cross Site Scripting (XSS) vulnerability — Landing Page Cat | 7.1 | High | 2025-02-03 |
| CVE-2025-24559 | WordPress WP Mailster plugin <= 1.8.15.0 - Reflected Cross Site Scripting (XSS) vulnerability — WP Mailster | 7.1 | High | 2025-02-03 |
| CVE-2025-24574 | WordPress PeproDev WooCommerce Receipt Uploader plugin <= 2.6.9 - Reflected Cross Site Scripting (XSS) vulnerability — PeproDev WooCommerce Receipt Uploader | 7.1 | High | 2025-02-03 |
| CVE-2025-24545 | WordPress BSK Forms Validation plugin <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability — BSK Forms Validation | 7.1 | High | 2025-02-03 |

21551 CVEs are classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.