
CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21506

21506 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-25463 | WordPress Wpresidence Core plugin <= 5.4.0 - Cross Site Scripting (XSS) vulnerability — Wpresidence Core | 5.4 (AI) | Medium (AI) | 2026-02-19 |
| CVE-2026-25451 | WordPress Bold Page Builder plugin <= 5.6.9 - Cross Site Scripting (XSS) vulnerability — Bold Page Builder | 5.4 (AI) | Medium (AI) | 2026-02-19 |
| CVE-2026-25453 | WordPress Advanced iFrame plugin <= 2025.10 - Cross Site Scripting (XSS) vulnerability — Advanced iFrame | 6.1 (AI) | Medium (AI) | 2026-02-19 |
| CVE-2026-25432 | WordPress Omnipress plugin <= 1.6.7 - Cross Site Scripting (XSS) vulnerability — Omnipress | 5.4 (AI) | Medium (AI) | 2026-02-19 |
| CVE-2026-25362 | WordPress FooGallery plugin <= 3.1.11 - Cross Site Scripting (XSS) vulnerability — FooGallery | 5.4 (AI) | Medium (AI) | 2026-02-19 |
| CVE-2026-25343 | WordPress WP SMS plugin <= 7.1 - Cross Site Scripting (XSS) vulnerability — WP SMS | 6.1 (AI) | Medium (AI) | 2026-02-19 |
| CVE-2026-25331 | WordPress WP Activity Log plugin <= 5.5.4 - Cross Site Scripting (XSS) vulnerability — WP Activity Log | 6.1 (AI) | Medium (AI) | 2026-02-19 |
| CVE-2026-25305 | WordPress XStore theme <= 9.6.4 - Cross Site Scripting (XSS) vulnerability — XStore | 6.1 (AI) | Medium (AI) | 2026-02-19 |
| CVE-2026-25307 | WordPress XStore Core plugin < 5.7 - Cross Site Scripting (XSS) vulnerability — XStore Core | 6.1 (AI) | Medium (AI) | 2026-02-19 |
| CVE-2026-25004 | WordPress CM Business Directory plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability — CM Business Directory | 5.9 | Medium | 2026-02-19 |
| CVE-2026-24392 | WordPress HurryTimer plugin <= 2.14.2 - Cross Site Scripting (XSS) vulnerability — HurryTimer | 5.4 (AI) | Medium (AI) | 2026-02-19 |
| CVE-2026-1055 | TalkJS <= 0.1.15 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'welcomeMessage' Parameter — TalkJS | 4.4 | Medium | 2026-02-19 |
| CVE-2026-1373 | Easy Author Image <= 1.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Picture URL — Easy Author Image | 6.4 | Medium | 2026-02-19 |
| CVE-2025-14445 | Image Hotspot by DevVN <= 1.2.9 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Field Meta — Image Hotspot by DevVN | 6.4 | Medium | 2026-02-19 |
| CVE-2026-0561 | Shield Security <= 21.0.8 - Unauthenticated Reflected Cross-Site Scripting via 'message' Parameter — Shield: Blocks Bots, Protects Users, and Prevents Security Breaches | 6.1 | Medium | 2026-02-19 |
| CVE-2025-14983 | Advanced Custom Fields: Font Awesome <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Advanced Custom Fields: Font Awesome Field | 6.4 | Medium | 2026-02-19 |
| CVE-2025-14452 | WP Customer Reviews <= 3.7.5 - Reflected Cross-Site Scripting via 'wpcr3_fname' Parameter — WP Customer Reviews | 7.2 | High | 2026-02-19 |
| CVE-2026-1044 | Tennis Court Bookings <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Admin Settings and Calendar Parameters — Tennis Court Bookings | 4.4 | Medium | 2026-02-19 |
| CVE-2025-14851 | YaMaps for WordPress <= 0.6.40 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Parameters — YaMaps for WordPress Plugin | 6.4 | Medium | 2026-02-19 |
| CVE-2026-1043 | PostmarkApp Email Integrator <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings — PostmarkApp Email Integrator | 4.4 | Medium | 2026-02-19 |
| CVE-2025-14076 | iXML – Google XML sitemap generator <= 0.6 - Reflected Cross-Site Scripting via 'iXML_email' Parameter — iXML – Google XML sitemap generator | 6.1 | Medium | 2026-02-19 |
| CVE-2026-0549 | Groups <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'groups_group_info' Shortcode — Groups | 6.4 | Medium | 2026-02-19 |
| CVE-2025-13738 | Easy Table of Contents <= 2.0.78 - Authenticated (Contributor+) Stored Cross-Site Scripting — Easy Table of Contents | 6.4 | Medium | 2026-02-19 |
| CVE-2026-1047 | salavat counter Plugin <= 0.9.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'image_url' Parameter — salavat counter Plugin | 4.4 | Medium | 2026-02-19 |
| CVE-2026-0556 | XO Event Calendar <= 3.2.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'xo_event_field' shortcode — XO Event Calendar | 6.4 | Medium | 2026-02-19 |
| CVE-2025-13617 | Apollo13 Framework Extension <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via `a13_alt_link` Parameter — Apollo13 Framework Extensions | 6.4 | Medium | 2026-02-19 |
| CVE-2026-2282 | Slidorion <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Slidorion Settings — Slidorion | 4.4 | Medium | 2026-02-19 |
| CVE-2025-13612 | Album and Image Gallery Plus Lightbox <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin's Shortcode — Album and Image Gallery Plus Lightbox | 6.4 | Medium | 2026-02-19 |
| CVE-2026-1646 | Advance Block Extend <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via TitleColor Block Attribute — Advance Block Extend | 6.4 | Medium | 2026-02-19 |
| CVE-2025-13732 | s2Member <= 251005 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions | 6.4 | Medium | 2026-02-19 |

21506 CVEs are classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.