Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21553

21553 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2024-12516 Coupon Plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Coupon Plugin 6.4 Medium2025-01-07
CVE-2024-12077 Booking Calendar and Booking Calendar Pro <= Multiple Versions - Reflected Cross-Site Scripting via 'calendar_id' — Booking calendar, Appointment Booking System 6.1 Medium2025-01-07
CVE-2024-12437 Marketplace Items <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Marketplace Items 6.4 Medium2025-01-07
CVE-2024-11764 Solar Wizard Lite <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — Solar Wizard Lite 6.4 Medium2025-01-07
CVE-2024-12495 Bootstrap Blocks for WP Editor v2 <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Bootstrap Blocks for WP Editor v2 6.4 Medium2025-01-07
CVE-2024-12499 WP jQuery DataTable <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP jQuery DataTable 6.4 Medium2025-01-07
CVE-2024-9354 Estatik Mortgage Calculator <= 2.0.11 - Reflected Cross-Site Scripting — Estatik Mortgage Calculator 6.1 Medium2025-01-07
CVE-2024-12624 Sina Extension for Elementor <= 3.5.91 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Sina Image Differ — Sina Extension for Elementor 6.4 Medium2025-01-07
CVE-2024-9502 Master Addons -- Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tooltip Module — Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits 6.4 Medium2025-01-07
CVE-2024-12384 Binary MLM Woocommerce <= 2.0 - Reflected Cross-Site Scripting via 'page' — Binary MLM For WooCommerce 6.1 Medium2025-01-07
CVE-2024-11756 SweepWidget Contests, Giveaways, Photo Contests, Competitions <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting — SweepWidget – Contests, Giveaways, Sweepstakes & Photo Contests 6.4 Medium2025-01-07
CVE-2024-11887 Geo Content <= 6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Geo Content 6.4 Medium2025-01-07
CVE-2024-12440 Candifly <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting — Candifly 6.4 Medium2025-01-07
CVE-2024-12073 Meteor Slides <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting — Meteor Slides 6.4 Medium2025-01-07
CVE-2024-12633 JoomSport <= 5.6.17 - Reflected Cross-Site Scripting via page — JoomSport – for Sports: Team & League, Football, Hockey & more 7.1 High2025-01-07
CVE-2024-12438 WooCommerce Digital Content Delivery (incl. DRM) – FlickRocket <= 4.75 - Reflected Cross-Site Scripting — Digital Content Delivery (incl. DRM) by Flickrocket for WooCommerce 6.1 Medium2025-01-07
CVE-2024-9702 Social Rocket <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Social Rocket – Social Sharing Plugin 6.4 Medium2025-01-07
CVE-2024-12261 SmartEmailing.cz <= 2.2.0 - Reflected Cross-Site Scripting — SmartEmailing 6.1 Medium2025-01-07
CVE-2024-12464 Chatroll Live Chat <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Chatroll Live Chat 6.4 Medium2025-01-07
CVE-2024-12439 Marketplace Items <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'marketplace' Shortcode — Marketplace Items 6.4 Medium2025-01-07
CVE-2024-11369 Store credit / Gift cards for woocommerce <= 1.0.49.46 - Reflected Cross-Site Scripting — Store credit / Gift cards for woocommerce 6.1 Medium2025-01-07
CVE-2024-11749 App Embed <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — App Embed 6.4 Medium2025-01-07
CVE-2024-12324 Unilevel MLM Plan <= 1.1.0 - Reflected Cross-Site Scripting via 'page' — Unilevel MLM Plan 6.1 Medium2025-01-07
CVE-2024-12435 Compare Products for WooCommerce <= 3.2.1 - Reflected Cross-Site Scripting — Compare Products for WooCommerce 6.1 Medium2025-01-07
CVE-2024-12445 RightMessage WP <= 0.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting — RightMessage WP 6.4 Medium2025-01-07
CVE-2024-11382 Common Ninja: Fully Customizable & Perfectly Responsive Free Widgets for WordPress Websites <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Common Ninja: Fully Customizable & Perfectly Responsive Free Widgets for WordPress Websites 6.4 Medium2025-01-07
CVE-2024-11810 PayGreen Payment Gateway <= 1.0.26 - Reflected Cross-Site Scripting — PayGreen Payment Gateway 6.1 Medium2025-01-07
CVE-2024-9208 Enable Accessibility <= 1.4.1 - Reflected Cross-Site Scripting — Enable Accessibility 6.1 Medium2025-01-07
CVE-2024-12256 Simple Video Management System <= 1.0.4 - Reflected Cross-Site Scripting — Simple Video Management System 6.1 Medium2025-01-07
CVE-2024-11377 Automate Hub Free by Sperse.IO <= 1.7.0 - Reflected Cross-Site Scripting — Automate Hub Free by Sperse.IO 6.1 Medium2025-01-07

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21553 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.