CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21551

21551 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-24708	WordPress WP Dynamics CRM plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability — WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms	7.1	High	2025-01-27
CVE-2025-24626	WordPress Music Store – WordPress eCommerce Plugin <= 1.1.19 - Reflected Cross Site Scripting (XSS) vulnerability — Music Store	7.1	High	2025-01-27
CVE-2025-24593	WordPress Edwiser Bridge plugin <= 3.0.8 - Reflected Cross Site Scripting (XSS) vulnerability — Edwiser Bridge	7.1	High	2025-01-27
CVE-2025-23669	WordPress WP Smart Tooltip plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability — WP Smart Tooltip	6.5	Medium	2025-01-27
CVE-2025-23752	WordPress CGD Arrange Terms plugin <= 1.1.3 - Reflected Cross Site Scripting (XSS) vulnerability — CGD Arrange Terms	7.1	High	2025-01-27
CVE-2025-23574	WordPress CubePM plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability — CubePM	7.1	High	2025-01-27
CVE-2025-23754	WordPress The Loops plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability — The Loops	7.1	High	2025-01-27
CVE-2025-23756	WordPress LawPress plugin <= 1.4.5 - Reflected Cross Site Scripting (XSS) vulnerability — LawPress – Law Firm Website Management	7.1	High	2025-01-27
CVE-2025-23531	WordPress RSVPMaker Volunteer Roles plugin <= 1.5.1 - Reflected Cross Site Scripting (XSS) vulnerability — RSVPMaker Volunteer Roles	7.1	High	2025-01-27
CVE-2025-22513	WordPress Simple Locator Plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability — Simple Locator	7.1	High	2025-01-27
CVE-2025-23792	WordPress Passwordless WP – Login with your glance or fingerprint Plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability — Passwordless WP – Login with your glance or fingerprint	7.1	High	2025-01-27
CVE-2025-23457	WordPress Shipdeo plugin <= 1.2.8 - Reflected Cross Site Scripting (XSS) vulnerability — Shipdeo	7.1	High	2025-01-27
CVE-2022-4975	Rhacs: cross-site scripting in portal — Red Hat Advanced Cluster Security 3	8.9	High	2025-01-27
CVE-2024-11348	Reflected XSS in Eura7 CMSmanager — CMSmanager	6.1	-	2025-01-27
CVE-2023-46187	IBM InfoSphere Master Data Management cross-site scripting — InfoSphere Master Data Management	5.4	Medium	2025-01-27
CVE-2025-0721	needyamin image_gallery view.php cross site scripting — image_gallery	4.3	Medium	2025-01-26
CVE-2024-13505	Survey Maker <= 5.1.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting via Survey Question — Survey Maker	5.5	Medium	2025-01-26
CVE-2024-12334	WC Affiliate – A Complete WooCommerce Affiliate Plugin <= 2.4 - Reflected Cross-Site Scripting — WC Affiliate – WooCommerce Affiliate Plugin	6.1	Medium	2025-01-26
CVE-2024-10636	Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Reflected DOM-Based Cross-Site Scripting via content — Quiz Maker Developer	6.1	Medium	2025-01-26
CVE-2024-35145	IBM Maximo Application Suite cross-site scripting — Maximo Application Suite	6.1	Medium	2025-01-25
CVE-2025-0350	Divi Carousel Lite <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Carousel and Logo Carousel Widgets — Divi Carousel Free (Divi5 Support)	6.4	Medium	2025-01-25
CVE-2024-13551	ABC Notation <= 6.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — ABC Notation	6.4	Medium	2025-01-25
CVE-2024-13441	Bilingual Linker <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — Bilingual Linker	6.4	Medium	2025-01-25
CVE-2024-12817	Etsy Importer <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — Etsy Importer	6.4	Medium	2025-01-25
CVE-2024-13586	Masy Gallery <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting — Masy Gallery	6.4	Medium	2025-01-25
CVE-2024-13467	WP Contact Form7 Email Spam Blocker <= 1.0.0 - Reflected Cross-Site Scripting — WP Contact Form7 Email Spam Blocker	6.1	Medium	2025-01-25
CVE-2024-11825	Broadstreet <= 1.51.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via zone Parameter — Broadstreet	6.4	Medium	2025-01-25
CVE-2024-13458	WordPress SEO Friendly Accordion FAQ with AI assisted content generation <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — WordPress SEO Friendly Accordion FAQ with AI assisted content generation	6.4	Medium	2025-01-25
CVE-2024-13599	LearnPress – WordPress LMS Plugin <= 4.2.7.5 - Authenticated (LP Instructor+) Stored Cross-Site Scripting via Lesson Name — LearnPress – WordPress LMS Plugin for Create and Sell Online Courses	6.4	Medium	2025-01-25
CVE-2024-13548	Power Ups for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — Power Ups for Elementor	6.4	Medium	2025-01-25

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21551 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21551