CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21551

21551 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-22264	WordPress WP Query Creator plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability — WP Query Creator	7.1	High	2025-01-23
CVE-2025-23541	WordPress Download, Downloads plugin <= 1.4.2 - Cross Site Scripting (XSS) vulnerability — Download, Downloads	7.1	High	2025-01-23
CVE-2025-23540	WordPress WP Front-end login and register plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability — WP Front-end login and register	7.1	High	2025-01-23
CVE-2024-10539	Reflected XSS in Uyumsoft's ERP — Uyumsoft ERP	5.5	Medium	2025-01-23
CVE-2024-12118	The Events Calendar <= 6.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — The Events Calendar	6.4	Medium	2025-01-23
CVE-2024-13340	MDTF – Meta Data and Taxonomies Filter <= 1.3.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting — MDTF – Meta Data and Taxonomies Filter	6.4	Medium	2025-01-23
CVE-2024-13389	Cliptakes <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — Cliptakes	6.4	Medium	2025-01-23
CVE-2024-13422	SEO Blogger to WordPress Migration using 301 Redirection <= 0.4.8 - Reflected Cross-Site Scripting — SEO Blogger to WordPress Migration using 301 Redirection	6.1	Medium	2025-01-23
CVE-2024-12504	Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 6.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting — Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP	6.4	Medium	2025-01-23
CVE-2024-12043	Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.16.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — Prime Slider – Addons for Elementor	6.4	Medium	2025-01-23
CVE-2023-50309	IBM Sterling B2B Integrator cross-site scripting — Sterling B2B Integrator Standard Edition	6.4	Medium	2025-01-23
CVE-2023-32340	IBM Sterling B2B Integrator cross-site scripting — Sterling B2B Integrator Standard Edition	4.6	Medium	2025-01-23
CVE-2025-24530	phpMyAdmin 跨站脚本漏洞 — phpMyAdmin	6.4	Medium	2025-01-23
CVE-2025-24529	phpMyAdmin 跨站脚本漏洞 — phpMyAdmin	6.4	Medium	2025-01-23
CVE-2024-12477	Avada Builder <= 3.11.11 - Authenticated (Contributor+) Stored Cross-Site Scripting in Multiple Widgets — Avada (Fusion) Builder	6.4	Medium	2025-01-22
CVE-2024-51457	IBM Robotic Process Automation for Cloud Pak cross-site scripting — Robotic Process Automation for Cloud Pak	4.4	Medium	2025-01-22
CVE-2025-23809	WordPress Blue Wrench Video Widget Plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability — Blue Wrench Video Widget	7.1	High	2025-01-22
CVE-2025-23992	WordPress Toocheke Companion plugin <= 1.166 - Stored Cross Site Scripting (XSS) vulnerability — Toocheke Companion	5.9	Medium	2025-01-22
CVE-2025-23882	WordPress WP Download Codes Plugin <= 2.5.4 - Reflected Cross Site Scripting (XSS) vulnerability — WP Download Codes	7.1	High	2025-01-22
CVE-2025-23846	WordPress Flexible Blogtitle Plugin <= 0.1 - Reflected Cross Site Scripting (XSS) vulnerability — Flexible Blogtitle	7.1	High	2025-01-22
CVE-2025-23812	WordPress Contact Form 7 Round Robin Lead Distribution Plugin <= 1.2.1 - Reflected Cross Site Scripting (XSS) vulnerability — Contact Form 7 Round Robin Lead Distribution	7.1	High	2025-01-22
CVE-2025-23768	WordPress InFunding plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability — InFunding	7.1	High	2025-01-22
CVE-2025-23746	WordPress CMC MIGRATE plugin <= 0.0.3 - Reflected Cross Site Scripting (XSS) vulnerability — CMC MIGRATE	7.1	High	2025-01-22
CVE-2025-23709	WordPress Formatted post plugin <= 1.01 - Reflected Cross Site Scripting (XSS) vulnerability — Formatted post	7.1	High	2025-01-22
CVE-2025-23643	WordPress ReadMe Creator plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability — ReadMe Creator	7.1	High	2025-01-22
CVE-2025-23506	WordPress WP IMAP Auth plugin <= 4.0.1 - Reflected Cross Site Scripting (XSS) vulnerability — WP IMAP Auth	7.1	High	2025-01-22
CVE-2025-23462	WordPress FWD Slider plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability — FWD Slider	7.1	High	2025-01-22
CVE-2025-23475	WordPress History timeline plugin <= 0.7.2 - Reflected Cross Site Scripting (XSS) vulnerability — History timeline	7.1	High	2025-01-22
CVE-2025-23449	WordPress Simple shortcode buttons plugin <= 1.3.2 - Reflected Cross Site Scripting (XSS) vulnerability — Simple shortcode buttons	7.1	High	2025-01-22
CVE-2025-22772	WordPress Mapbox for WP Advanced Plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability — Mapbox for WP Advanced	7.1	High	2025-01-22

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21551 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21551