CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21520

21520 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-13848 | STM Gallery 1.9 <= 0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — STM Gallery 1.9 | 6.4 | Medium | 2026-01-07 |
| CVE-2025-14127 | Testimonial Master <= 0.2.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] — Testimonial Master | 6.1 | Medium | 2026-01-07 |
| CVE-2025-14128 | Stumble! for WordPress <= 1.1.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] — Stumble! for WordPress | 6.1 | Medium | 2026-01-07 |
| CVE-2025-14796 | My Album Gallery <= 1.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via Image Title — My Album Gallery | 6.4 | Medium | 2026-01-07 |
| CVE-2025-14109 | AH Shortcodes <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'column' Shortcode Attribute — AH Shortcodes | 6.4 | Medium | 2026-01-07 |
| CVE-2025-13667 | WP Recipe Manager <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Skill Level' Input Field — WP Recipe Manager | 6.4 | Medium | 2026-01-07 |
| CVE-2025-14053 | Travel Bucket List <= 0.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Travel Bucket List – Wish To Go | 6.4 | Medium | 2026-01-07 |
| CVE-2025-13847 | PhotoFade <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — PhotoFade | 6.4 | Medium | 2026-01-07 |
| CVE-2025-13497 | Recras WordPress plugin <= 6.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'recrasname' Shortcode Attribute — Recras | 6.4 | Medium | 2026-01-07 |
| CVE-2025-13531 | Stylish Order Form Builder <= 1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'product_name' Parameter — Stylish Order Form Builder | 6.4 | Medium | 2026-01-07 |
| CVE-2025-15000 | Page Keys <= 1.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'page_key' Parameter — Page Keys | 4.4 | Medium | 2026-01-07 |
| CVE-2025-13369 | Premmerce WooCommerce Customers Manager <= 1.1.14 - Reflected Cross-Site Scripting — Premmerce WooCommerce Customers Manager | 6.1 | Medium | 2026-01-07 |
| CVE-2025-14888 | Simple User Meta Editor <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via User Meta Value Field — Simple User Meta Editor | 4.4 | Medium | 2026-01-07 |
| CVE-2025-14887 | twinklesmtp – Email Service Provider For WordPress <= 1.03 - Authenticated (Administrator+) Stored Cross-Site Scripting via Sender Settings — twinklesmtp – Email Service Provider For WordPress | 4.4 | Medium | 2026-01-07 |
| CVE-2025-14875 | HBLPAY Payment Gateway for WooCommerce <= 5.0.0 - Reflected Cross-Site Scripting via 'cusdata' Parameter — HBLPAY Payment Gateway for WooCommerce | 6.1 | Medium | 2026-01-07 |
| CVE-2025-14891 | Customer Reviews for WooCommerce <= 5.93.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via displayName Parameter — Customer Reviews for WooCommerce | 6.4 | Medium | 2026-01-07 |
| CVE-2026-0642 | projectworlds House Rental and Property Listing complaint.php cross site scripting — House Rental and Property Listing | 2.4 | Low | 2026-01-06 |
| CVE-2025-31642 | WordPress WPCHURCH plugin <= 2.7.0 - Reflected Cross Site Scripting (XSS) vulnerability — WPCHURCH | 7.1 | High | 2026-01-06 |
| CVE-2025-13744 | Improper Neutralization of Input During Web Page Generation vulnerability was identified in GitHub Enterprise Server that allowed rendering of malicious HTML — Enterprise Server | 5.4 | - | 2026-01-06 |
| CVE-2025-30631 | Reflected Cross Site Scripting (XSS) vulnerability in AA-Team WordPress plugins — Woocommerce Sales Funnel Builder | 7.1 | High | 2026-01-06 |
| CVE-2024-31088 | WordPress AdsPlace'r – Ad Manager, Inserter, AdSense Ads plugin <= 1.1.5 - Cross Site Scripting (XSS) vulnerability — AdsPlace'r – Ad Manager, Inserter, AdSense Ads | 6.5 | Medium | 2026-01-06 |
| CVE-2024-30547 | WordPress Header Image Slider plugin <= 0.3 - Cross Site Scripting (XSS) vulnerability — Header Image Slider | 7.1 | High | 2026-01-06 |
| CVE-2025-69360 | WordPress TheGem Theme Elements (for WPBakery) plugin <= 5.11.0 - Cross Site Scripting (XSS) vulnerability — TheGem Theme Elements (for WPBakery) | 6.5 | Medium | 2026-01-06 |
| CVE-2025-69357 | WordPress TheGem Theme Elements (for Elementor) plugin <= 5.11.0 - Cross Site Scripting (XSS) vulnerability — TheGem Theme Elements (for Elementor) | 6.5 | Medium | 2026-01-06 |
| CVE-2025-69362 | WordPress UiChemy plugin <= 4.4.2 - Cross Site Scripting (XSS) vulnerability — UiChemy | 5.9 | Medium | 2026-01-06 |
| CVE-2025-69350 | WordPress Accordion plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerability — Accordion | 5.9 | Medium | 2026-01-06 |
| CVE-2025-69335 | WordPress Team Showcase plugin <= 2.9 - Cross Site Scripting (XSS) vulnerability — Team Showcase | 6.5 | Medium | 2026-01-06 |
| CVE-2025-69334 | WordPress Wishlist for WooCommerce plugin <= 3.3.0 - Cross Site Scripting (XSS) vulnerability — Wishlist for WooCommerce | 6.5 | Medium | 2026-01-06 |
| CVE-2025-69084 | WordPress Photo Gallery plugin <= 2.7.7.26 - Reflected Cross Site Scripting (XSS) vulnerability — Photo Gallery | 7.1 | High | 2026-01-06 |
| CVE-2025-69085 | WordPress JobBank plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability — JobBank | 7.1 | High | 2026-01-06 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21520 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.