CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21551

21551 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-23438	WordPress WP PT-Viewer plugin <= 2.0.2 - Reflected XSS vulnerability — WP PT-Viewer	7.1	High	2025-01-16
CVE-2025-23434	WordPress Easy EU Cookie law plugin <= 1.3.3.1 - Stored Cross Site Scripting (XSS) vulnerability — Easy EU Cookie law	6.5	Medium	2025-01-16
CVE-2025-23444	WordPress Scroll Top Advanced plugin <= 2.5 - Stored Cross Site Scripting (XSS) vulnerability — Scroll Top Advanced	6.5	Medium	2025-01-16
CVE-2025-23453	WordPress Stars SMTP Mailer plugin <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability — Stars SMTP Mailer	7.1	High	2025-01-16
CVE-2025-23429	WordPress Altima Lookbook Free for WooCommerce plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability — Altima Lookbook Free for WooCommerce	7.1	High	2025-01-16
CVE-2025-23432	WordPress AlT Report plugin <= 1.12.0 - Cross Site Scripting (XSS) vulnerability — AlT Report	7.1	High	2025-01-16
CVE-2024-41746	IBM CICS TX cross-site scripting — CICS TX Advanced	7.2	High	2025-01-16
CVE-2024-13387	WP Responsive Tabs <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP Responsive Tabs	6.4	Medium	2025-01-16
CVE-2024-11452	Chamber Dashboard Business Directory <= 3.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting — Chamber Dashboard Business Directory	6.4	Medium	2025-01-16
CVE-2025-0170	DWT - Directory & Listing WordPress Theme <= 3.3.3 - Reflected Cross-Site Scripting — DWT - Directory & Listing WordPress Theme	6.1	Medium	2025-01-16
CVE-2025-0215	UpdraftPlus - Backup/Restore <= 1.24.12 - Reflected Cross-Site Scripting — UpdraftPlus: WP Backup & Migration Plugin	6.1	Medium	2025-01-15
CVE-2025-0485	Fanli2012 native-php-cms sysconfig_doedit.php cross site scripting — native-php-cms	3.5	Low	2025-01-15
CVE-2025-0483	Fanli2012 native-php-cms jump.php cross site scripting — native-php-cms	3.5	Low	2025-01-15
CVE-2024-7085	Exposure of private information vulnerability has been discovered in OpenText™ Solutions Business Manager (SBM). — Solutions Business Manager (SBM)	6.1	-	2025-01-15
CVE-2025-22317	WordPress Gallery Images Ape plugin <= 2.2.8 - Reflected Cross Site Scripting (XSS) vulnerability — Photo Gallery – Image Gallery by Ape	7.1	High	2025-01-15
CVE-2025-22329	WordPress Free Google Maps plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability — Free Google Maps	6.5	Medium	2025-01-15
CVE-2025-22587	WordPress SEO Bulk Editor plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability — SEO Bulk Editor	6.5	Medium	2025-01-15
CVE-2025-22724	WordPress Product Carousel For WooCommerce – WoorouSell plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability — Product Carousel For WooCommerce – WoorouSell	6.5	Medium	2025-01-15
CVE-2025-22734	WordPress Posts Footer Manager Plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability — Posts Footer Manager	5.9	Medium	2025-01-15
CVE-2025-22742	WordPress WP ViewSTL plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability — WP ViewSTL	6.5	Medium	2025-01-15
CVE-2025-22738	WordPress WP ULike plugin <= 4.7.6 - Cross Site Scripting (XSS) vulnerability — WP ULike	5.9	Medium	2025-01-15
CVE-2025-22744	WordPress S-DEV SEO plugin <= 1.88 - Cross Site Scripting (XSS) vulnerability — S-DEV SEO	6.5	Medium	2025-01-15
CVE-2025-22743	WordPress Twitter Bootstrap Collapse aka Accordian Shortcode plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability — Twitter Bootstrap Collapse aka Accordian Shortcode	6.5	Medium	2025-01-15
CVE-2025-22745	WordPress Navigation Du Lapin Blanc plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability — Navigation Du Lapin Blanc	6.5	Medium	2025-01-15
CVE-2025-22746	WordPress HireHive Job Plugin plugin <= 2.9.0 - Cross Site Scripting (XSS) vulnerability — HireHive Job Plugin	6.5	Medium	2025-01-15
CVE-2025-22747	WordPress Foundation Columns plugin <= 0.8 - Stored Cross Site Scripting (XSS) vulnerability — Foundation Columns	6.5	Medium	2025-01-15
CVE-2025-22749	WordPress Social Media Engine plugin <= 1.0.2 - Stored Cross Site Scripting (XSS) vulnerability — Social Media Engine	6.5	Medium	2025-01-15
CVE-2025-22748	WordPress SetMore Theme – Custom Post Types plugin <= 1.1 - Stored Cross Site Scripting (XSS) vulnerability — SetMore Theme – Custom Post Types	6.5	Medium	2025-01-15
CVE-2025-22750	WordPress Post Carousel & Slider plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability — Post Carousel & Slider	7.1	High	2025-01-15
CVE-2025-22751	WordPress Partners Plugin <= 0.2.0 - Reflected Cross Site Scripting (XSS) vulnerability — Partners	7.1	High	2025-01-15

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21551 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21551