CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21551

21551 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-24658	WordPress Auction Nudge – Your eBay on Your Site plugin <= 7.2.0 - Cross Site Scripting (XSS) vulnerability — Auction Nudge – Your eBay on Your Site	5.9	Medium	2025-01-24
CVE-2025-24668	WordPress PPOM for WooCommerce plugin <= 33.0.8 - Cross Site Scripting (XSS) vulnerability — PPOM for WooCommerce	5.9	Medium	2025-01-24
CVE-2025-24657	WordPress Wishlist for WooCommerce plugin <=2.1.2 - Cross Site Scripting (XSS) vulnerability — Wishlist for WooCommerce	5.9	Medium	2025-01-24
CVE-2025-24644	WordPress WooCommerce PDF Invoices plugin <= 4.7.1 - Stored Cross Site Scripting (XSS) vulnerability — WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels	5.9	Medium	2025-01-24
CVE-2025-24638	WordPress Create with Code plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability — Create with Code	6.5	Medium	2025-01-24
CVE-2025-24627	WordPress Blur Text Plugin <= 1.0.0 - Stored Cross Site Scripting (XSS) vulnerability — Blur Text	6.5	Medium	2025-01-24
CVE-2025-24634	WordPress Orbisius Simple Notice plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability — Orbisius Simple Notice	5.9	Medium	2025-01-24
CVE-2025-24610	WordPress Restrict Anonymous Access Plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability — Restrict Anonymous Access	6.5	Medium	2025-01-24
CVE-2025-24595	WordPress All Embed – Elementor Addons plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability — All Embed – Elementor Addons	6.5	Medium	2025-01-24
CVE-2025-24573	WordPress Pagelayer plugin <= 1.9.4 - Cross Site Scripting (XSS) vulnerability — PageLayer	6.5	Medium	2025-01-24
CVE-2025-24547	WordPress Caching Compatible Cookie Opt-In plugin <= 0.0.10 - Stored Cross Site Scripting (XSS) vulnerability — Caching Compatible Cookie Opt-In and JavaScript	6.5	Medium	2025-01-24
CVE-2025-24570	WordPress Atarim plugin <= 4.0.8 - Cross Site Scripting (XSS) vulnerability — Atarim	7.1	High	2025-01-24
CVE-2025-24579	WordPress Nested pages plugin <= 3.2.9 - Cross Site Scripting (XSS) vulnerability — Nested Pages	5.9	Medium	2025-01-24
CVE-2025-24542	WordPress Icegram Engage plugin <= 3.1.31 - Cross Site Scripting (XSS) vulnerability — Icegram	6.5	Medium	2025-01-24
CVE-2025-24585	WordPress Event post plugin <= 5.9.7 - Stored Cross Site Scripting (XSS) vulnerability — Event post	6.5	Medium	2025-01-24
CVE-2025-24578	WordPress ElementInvader Addons for Elementor plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability — ElementInvader Addons for Elementor	6.5	Medium	2025-01-24
CVE-2025-24575	WordPress HelloAsso plugin <= 1.1.11 - Cross Site Scripting (XSS) vulnerability — HelloAsso	6.5	Medium	2025-01-24
CVE-2024-13354	Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — Responsive Addons for Elementor – Free Elementor Addons, Kits and Elementor Templates	6.4	Medium	2025-01-24
CVE-2024-13542	WP Google Street View (with 360° virtual tour) & Google maps + Local SEO <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP Google Street View (with 360° virtual tour) & Google maps + Local SEO	6.4	Medium	2025-01-24
CVE-2024-13572	Precious Metals Charts and Widgets for WordPress <= 1.2.8 - Authenticated (Contributor+) Stored Cross-site Scripting — Precious Metals Charts and Widgets for WordPress	6.4	Medium	2025-01-24
CVE-2025-22714	WordPress MDJM Event Management Plugin <= 1.7.5.6 - Reflected Cross Site Scripting (XSS) vulnerability — Mobile DJ Manager	7.1	High	2025-01-24
CVE-2025-23889	WordPress FooGallery Captions Plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability — FooGallery Captions	7.1	High	2025-01-24
CVE-2025-23839	WordPress Sticky Button plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability — Sticky Button	7.1	High	2025-01-24
CVE-2025-23888	WordPress Custom Page Extensions Plugin <= 0.6 - Cross Site Scripting (XSS) vulnerability — Custom Page Extensions	7.1	High	2025-01-24
CVE-2025-23837	WordPress One Backend Language Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability — One Backend Language	7.1	High	2025-01-24
CVE-2025-23885	WordPress MJ Contact us Plugin <= 5.2.3 - Reflected Cross Site Scripting (XSS) vulnerability — MJ Contact us	7.1	High	2025-01-24
CVE-2025-23838	WordPress Bauernregeln Plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability — Bauernregeln	7.1	High	2025-01-24
CVE-2025-23622	WordPress CBX Accounting & Bookkeeping plugin <= 1.3.14 - Reflected Cross Site Scripting (XSS) vulnerability — CBX Accounting & Bookkeeping	7.1	High	2025-01-24
CVE-2025-23734	WordPress Gigaom Sphinx plugin <= 0.1 - Reflected Cross Site Scripting (XSS) vulnerability — Gigaom Sphinx	7.1	High	2025-01-24
CVE-2025-23711	WordPress Quote me plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability — Quote me	7.1	High	2025-01-24

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21551 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21551