CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21553

21553 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-22545	WordPress iframe to embed plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability — iframe to embed	6.5	Medium	2025-01-07
CVE-2025-22546	WordPress jQuery TwentyTwenty plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability — jQuery TwentyTwenty	6.5	Medium	2025-01-07
CVE-2025-22547	WordPress JK Html To Pdf plugin <= 1.0.0 - CSRF to Stored XSS vulnerability — JK Html To Pdf	7.1	High	2025-01-07
CVE-2025-22548	WordPress ldap_login_password_and_role_manager plugin <= 1.0.12 - CSRF to Stored XSS vulnerability — ldap_login_password_and_role_manager	7.1	High	2025-01-07
CVE-2025-22550	WordPress AddFunc Mobile Detect plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability — AddFunc Mobile Detect	6.5	Medium	2025-01-07
CVE-2025-22549	WordPress WP Github plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability — WP Github	6.5	Medium	2025-01-07
CVE-2025-22551	WordPress Boot-Modal plugin <= 1.9.1 - Cross Site Scripting (XSS) vulnerability — Boot-Modal	6.5	Medium	2025-01-07
CVE-2025-22554	WordPress Video Embed Optimizer plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability — Video Embed Optimizer	6.5	Medium	2025-01-07
CVE-2025-22558	WordPress mcjh button shortcode plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability — mcjh button shortcode	6.5	Medium	2025-01-07
CVE-2025-22573	WordPress Icons Enricher plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability — Icons Enricher	6.5	Medium	2025-01-07
CVE-2025-22572	WordPress Legacy ePlayer plugin <= 0.9.9 - Cross Site Scripting (XSS) vulnerability — Legacy ePlayer	6.5	Medium	2025-01-07
CVE-2025-22574	WordPress ICS Button plugin <= 0.6 - Cross Site Scripting (XSS) vulnerability — ICS Button	6.5	Medium	2025-01-07
CVE-2025-22578	WordPress WP Cookie plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability — WP Cookie	5.9	Medium	2025-01-07
CVE-2025-22577	WordPress Able Player plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability — Able Player	6.5	Medium	2025-01-07
CVE-2025-22580	WordPress Biltorvet Dealer Tools plugin <= 1.0.22 - Cross Site Scripting (XSS) vulnerability — Biltorvet Dealer Tools	6.5	Medium	2025-01-07
CVE-2025-22579	WordPress WP Header Notification plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability — WP Header Notification	5.9	Medium	2025-01-07
CVE-2025-22581	WordPress Arcade Ready plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability — Arcade Ready	6.5	Medium	2025-01-07
CVE-2025-22584	WordPress Timeline Pro plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability — Timeline Pro	6.5	Medium	2025-01-07
CVE-2025-22585	WordPress Ultimate Image Hover Effects plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability — Ultimate Image Hover Effects	6.5	Medium	2025-01-07
CVE-2025-22593	WordPress Laika Pedigree Tree plugin <= 1.4 - CSRF to Stored XSS vulnerability — Laika Pedigree Tree	7.1	High	2025-01-07
CVE-2025-0295	code-projects Online Book Shop booklist.php cross site scripting — Online Book Shop	3.5	Low	2025-01-07
CVE-2024-12738	User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.12.9 - Unauthenticated Stored Cross-Site Scripting — User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor	6.1	Medium	2025-01-07
CVE-2024-11826	Quill Forms \| The Best Typeform Alternative \| Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Quill Forms \| Conversational Multi Step Forms, Surveys & quizzes	6.4	Medium	2025-01-07
CVE-2024-49633	WordPress DirectoryPress plugin <= 3.6.19 - Cross Site Scripting (XSS) vulnerability — DirectoryPress	7.1	High	2025-01-07
CVE-2024-51700	WordPress NAVER Analytics plugin <= 0.9 - CSRF to Stored XSS vulnerability — NAVER Analytics	7.1	High	2025-01-07
CVE-2024-56274	WordPress Astra Widgets plugin <= 1.2.15 - Cross Site Scripting (XSS) vulnerability — Astra Widgets	6.5	Medium	2025-01-07
CVE-2024-56285	WordPress WPBITS Addons For Elementor Page Builder plugin <= 1.5.1 - Cross-Site Scripting vulnerability — WPBITS Addons For Elementor Page Builder	6.5	Medium	2025-01-07
CVE-2024-56287	WordPress WP jQuery DataTable Plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability — WP jQuery DataTable	6.5	Medium	2025-01-07
CVE-2024-56288	WordPress WP Docs plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability — WP Docs	5.9	Medium	2025-01-07
CVE-2024-56289	WordPress Groundhogg plugin <= 3.7.3.3 - Reflected Cross Site Scripting (XSS) vulnerability — Groundhogg	7.1	High	2025-01-07

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21553 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21553