CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21520

21520 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-22518	WordPress X Addons for Elementor plugin <= 1.0.23 - Cross Site Scripting (XSS) vulnerability — X Addons for Elementor	6.5	Medium	2026-01-08
CVE-2026-22519	WordPress MediaPress plugin <= 1.6.2 - Cross Site Scripting (XSS) vulnerability — MediaPress	6.5	Medium	2026-01-08
CVE-2026-21873	Zero-click XSS in all NiceGUI apps which uses `ui.sub_pages` — nicegui	7.2	High	2026-01-08
CVE-2026-21872	NiceGUI apps are vulnerable to XSS which uses `ui.sub_pages` and render arbitrary user-provided links — nicegui	6.1	Medium	2026-01-08
CVE-2026-21871	NiceGUI is vulnerable to XSS via Unescaped URL in ui.navigate.history.push() / replace() — nicegui	6.1	Medium	2026-01-08
CVE-2025-14984	Gutenverse Form <= 2.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — Gutenverse Form – Contact Form Builder, Booking, Reservation, Subscribe for Block Editor	6.4	Medium	2026-01-08
CVE-2025-68891	WordPress WP App Bar plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability — WP App Bar	7.1	High	2026-01-08
CVE-2025-68887	WordPress WP-BusinessDirectory plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability — WP-BusinessDirectory	7.1	High	2026-01-08
CVE-2025-68889	WordPress Pinpoll plugin <= 4.0.0 - Cross Site Scripting (XSS) vulnerability — Pinpoll	7.1	High	2026-01-08
CVE-2025-68890	WordPress e-shops plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability — e-shops	7.1	High	2026-01-08
CVE-2025-68892	WordPress Scroll rss excerpt plugin <= 5.0 - Reflected Cross Site Scripting (XSS) vulnerability — Scroll rss excerpt	7.1	High	2026-01-08
CVE-2025-68873	WordPress PRIMER by chloédigital plugin <= 1.0.25 - Reflected Cross Site Scripting (XSS) vulnerability — PRIMER by chloédigital	7.1	High	2026-01-08
CVE-2025-68874	WordPress Visitor Stats Widget plugin <= 1.5.0 - Reflected Cross Site Scripting (XSS) vulnerability — Visitor Stats Widget	7.1	High	2026-01-08
CVE-2025-68875	WordPress Flaming Password Reset plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability — Flaming Password Reset	6.5	Medium	2026-01-08
CVE-2025-68867	WordPress Effect Maker plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability — Effect Maker	6.5	Medium	2026-01-08
CVE-2025-67932	WordPress Listeo Core plugin < 2.0.19 - Cross Site Scripting (XSS) vulnerability — Listeo Core	7.1	High	2026-01-08
CVE-2025-67933	WordPress Taskbuilder plugin <= 4.0.9 - Cross Site Scripting (XSS) vulnerability — Taskbuilder	7.1	High	2026-01-08
CVE-2025-67930	WordPress eHive Search plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability — eHive Search	7.1	High	2026-01-08
CVE-2025-67927	WordPress Link Whisper Free plugin <= 0.8.8 - Cross Site Scripting (XSS) vulnerability — Link Whisper Free	7.1	High	2026-01-08
CVE-2025-67922	WordPress Grand Restaurant theme < 7.0.9 - Cross Site Scripting (XSS) vulnerability — Grand Restaurant	7.1	High	2026-01-08
CVE-2025-67918	WordPress Woffice theme <= 5.4.30 - Cross Site Scripting (XSS) vulnerability — Woffice	7.1	High	2026-01-08
CVE-2025-67916	WordPress Jobify theme <= 4.3.0 - Cross Site Scripting (XSS) vulnerability — Jobify	7.1	High	2026-01-08
CVE-2025-27004	WordPress Famous - Responsive Image And Video Grid Gallery WordPress Plugin plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability — Famous - Responsive Image And Video Grid Gallery WordPress Plugin	7.1	High	2026-01-08
CVE-2025-27002	WordPress CountDown With Image or Video Background plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability — CountDown With Image or Video Background	7.1	High	2026-01-08
CVE-2025-22725	WordPress WP Virtual Assistant plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability — WP Virtual Assistant	7.1	High	2026-01-08
CVE-2025-12551	WordPress ListingHub plugin 1.2.6 - Cross Site Scripting (XSS) vulnerability — ListingHub	7.1	High	2026-01-08
CVE-2025-13504	WordPress Real Estate Pro plugin <= 2.1.4 - Reflected Cross Site Scripting (XSS) vulnerability — Real Estate Pro	7.1	High	2026-01-08
CVE-2025-14275	Jeg Elementor Kit <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress	6.4	Medium	2026-01-08
CVE-2019-25284	V-SOL GPON/EPON OLT Platform V2.03.62R_IPv6 v2.03 Reflected Cross-Site Scripting Vulnerability — V-SOL GPON/EPON OLT Platform	6.1	Medium	2026-01-07
CVE-2019-25280	Yahei-PHP Prober 0.4.7 Remote HTML Injection via Speed Parameter — Yahei-PHP Prober	6.1	Medium	2026-01-07

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21520 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21520