CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21517

21517 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-24617	WordPress Easy Modal plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability — Easy Modal	6.5	Medium	2026-01-23
CVE-2026-24614	WordPress Flex QR Code Generator plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability — Flex QR Code Generator	5.9	Medium	2026-01-23
CVE-2026-24601	WordPress Penci Pay Writer plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability — Penci Pay Writer	6.5	Medium	2026-01-23
CVE-2026-24600	WordPress Penci Review plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability — Penci Review	6.5	Medium	2026-01-23
CVE-2026-24594	WordPress Livemesh Addons for WPBakery Page Builder plugin <= 3.9.4 - Cross Site Scripting (XSS) vulnerability — Livemesh Addons for WPBakery Page Builder	5.9	Medium	2026-01-23
CVE-2026-24591	WordPress Turn Yoast SEO FAQ Block to Accordion plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability — Turn Yoast SEO FAQ Block to Accordion	6.5	Medium	2026-01-23
CVE-2026-24584	WordPress Tutor LMS BunnyNet Integration plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability — Tutor LMS BunnyNet Integration	5.9	Medium	2026-01-23
CVE-2026-24576	WordPress UX Flat plugin <= 5.4.0 - Cross Site Scripting (XSS) vulnerability — UX Flat	6.5	Medium	2026-01-23
CVE-2026-24555	WordPress ArtPlacer Widget plugin <= 2.23.2 - Cross Site Scripting (XSS) vulnerability — ArtPlacer Widget	6.5	Medium	2026-01-23
CVE-2026-24558	WordPress ABG Rich Pins plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability — ABG Rich Pins	6.5	Medium	2026-01-23
CVE-2026-24550	WordPress Blockons plugin <= 1.2.19 - Cross Site Scripting (XSS) vulnerability — Blockons	6.5	Medium	2026-01-23
CVE-2026-24526	WordPress Email Inquiry & Cart Options for WooCommerce plugin <= 3.4.3 - Cross Site Scripting (XSS) vulnerability — Email Inquiry & Cart Options for WooCommerce	6.5	Medium	2026-01-23
CVE-2026-24528	WordPress Nova Blocks plugin <= 2.1.9 - Cross Site Scripting (XSS) vulnerability — Nova Blocks	6.5	Medium	2026-01-23
CVE-2026-0914	WP DSGVO Tools (GDPR) <= 3.1.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'lw_content_block' Shortcode — WP DSGVO Tools (GDPR)	6.4	Medium	2026-01-23
CVE-2025-2204	XSS in Tapandsign Technologies' Tap&Sign App — Tap&Sign	4.7	Medium	2026-01-23
CVE-2025-14745	RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via wp-rss-aggregator Shortcode — RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging	6.4	Medium	2026-01-23
CVE-2025-14069	Schema & Structured Data for WP & AMP <= 1.54 - Authenticated (Contributor+) Stored Cross-Site Scripting via User Custom Schema — Schema & Structured Data for WP & AMP	6.4	Medium	2026-01-23
CVE-2025-15522	Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.10.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin	6.4	Medium	2026-01-23
CVE-2026-0788	ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability — 8180 IP Audio Alerter	6.1	-	2026-01-23
CVE-2026-21264	Microsoft Account Spoofing Vulnerability — Microsoft Account	9.3	Critical	2026-01-22
CVE-2025-9289	Cross-Site Scripting (XSS) on Omada Controllers — Omada Software Controller	4.7^AI	Medium^AI	2026-01-22
CVE-2026-0535	Stored XSS in Electronic Library Component Description — Fusion	7.1	High	2026-01-22
CVE-2026-0534	Stored XSS in the value of a part attribute — Fusion	7.1	High	2026-01-22
CVE-2026-0533	Stored XSS in Fusion desktop when attempting to delete a file — Fusion	7.1	High	2026-01-22
CVE-2026-24389	WordPress Gallery PhotoBlocks plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability — Gallery PhotoBlocks	6.5	Medium	2026-01-22
CVE-2026-24383	WordPress B Slider plugin <= 2.0.6 - Cross Site Scripting (XSS) vulnerability — B Slider	6.5	Medium	2026-01-22
CVE-2026-24361	WordPress LearnPress – Course Review plugin <= 4.1.9 - Cross Site Scripting (XSS) vulnerability — LearnPress – Course Review	6.5	Medium	2026-01-22
CVE-2026-24355	WordPress Houzez Theme - Functionality plugin <= 4.2.6 - Cross Site Scripting (XSS) vulnerability — Houzez Theme - Functionality	6.5	Medium	2026-01-22
CVE-2026-24354	WordPress Penci Shortcodes & Performance plugin <= 6.1 - Cross Site Scripting (XSS) vulnerability — Penci Shortcodes & Performance	6.5	Medium	2026-01-22
CVE-2026-23976	WordPress Modula Image Gallery plugin <= 2.13.4 - Cross Site Scripting (XSS) vulnerability — Modula Image Gallery	5.9	Medium	2026-01-22

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21517 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21517