CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21489

21489 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-39666 | WordPress Hello Bar Popup Builder plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability — Hello Bar Popup Builder | 6.1 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-39654 | WordPress WP Simple HTML Sitemap plugin <= 3.8 - Cross Site Scripting (XSS) vulnerability — WP Simple HTML Sitemap | 5.4 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-39646 | WordPress Leaflet Map plugin <= 3.4.4 - Cross Site Scripting (XSS) vulnerability — Leaflet Map | 5.4 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-39638 | WordPress Qubely plugin <= 1.8.14 - Cross Site Scripting (XSS) vulnerability — Qubely | 5.4 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-39636 | WordPress Livemesh Addons for Elementor plugin <= 9.0 - Cross Site Scripting (XSS) vulnerability — Livemesh Addons for Elementor | 5.4 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-39615 | WordPress Download Manager plugin <= 3.3.53 - Cross Site Scripting (XSS) vulnerability — Download Manager | 5.4 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-39604 | WordPress MyBookTable Bookstore plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability — MyBookTable Bookstore | 5.4 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-39575 | WordPress Custom Query Blocks plugin <= 5.5.0 - Cross Site Scripting (XSS) vulnerability — Custom Query Blocks | 6.1 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-39541 | WordPress Hydra Booking plugin <= 1.1.38 - Cross Site Scripting (XSS) vulnerability — Hydra Booking | 5.4 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-39517 | WordPress Blog Filter plugin <= 1.7.6 - Cross Site Scripting (XSS) vulnerability — Blog Filter | 6.1 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-39508 | WordPress Advanced Coupons for WooCommerce Coupons plugin <= 4.7.1.1 - Cross Site Scripting (XSS) vulnerability — Advanced Coupons for WooCommerce Coupons | 6.1 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-39500 | WordPress themesflat-addons-for-elementor plugin <= 2.3.2 - Cross Site Scripting (XSS) vulnerability — themesflat-addons-for-elementor | 5.4 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-39483 | WordPress VK All in One Expansion Unit plugin <= 9.113.3 - Cross Site Scripting (XSS) vulnerability — VK All in One Expansion Unit | 5.4 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-39482 | WordPress Post Expirator plugin <= 4.9.4 - Cross Site Scripting (XSS) vulnerability — Post Expirator | 5.4 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-1396 | Magic Conversation For Gravity Forms <= 3.0.97 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Magic Conversation For Gravity Forms | 6.4 | Medium | 2026-04-08 |
| CVE-2026-4655 | Element Pack Addons for Elementor <= 8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Image Widget — Element Pack – Widgets, Templates & Addons for Elementor | 6.4 | Medium | 2026-04-08 |
| CVE-2025-1794 | AM LottiePlayer <= 3.6.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG — AM LottiePlayer | 5.4 | Medium | 2026-04-08 |
| CVE-2026-3618 | Columns by BestWebSoft <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'columns' Shortcode 'id' Attribute — Columns by BestWebSoft – Additional Columns Plugin for Posts Pages and Widgets | 6.4 | Medium | 2026-04-08 |
| CVE-2026-2838 | Whole Enquiry Cart for WooCommerce <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'woowhole_success_msg' Parameter — Whole Enquiry Cart for WooCommerce | 4.4 | Medium | 2026-04-08 |
| CVE-2026-5506 | Wavr <= 0.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Wavr | 6.4 | Medium | 2026-04-08 |
| CVE-2026-5508 | WowPress <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — WowPress | 6.4 | Medium | 2026-04-08 |
| CVE-2026-3142 | Pinterest Site Verification plugin using Meta Tag <= 1.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'post_var' — Pinterest Site Verification plugin using Meta Tag | 6.4 | Medium | 2026-04-08 |
| CVE-2026-5169 | Inquiry form to posts or pages <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Form Header Field — Inquiry form to posts or pages | 4.4 | Medium | 2026-04-08 |
| CVE-2026-4871 | Sports Club Management <= 1.12.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'before' Attribute — Sports Club Management | 6.4 | Medium | 2026-04-08 |
| CVE-2026-3311 | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Progress Bar — The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | 6.4 | Medium | 2026-04-08 |
| CVE-2026-27787 | ICZ MATCHA SNS Cross-Site Scripting Vulnerability — MATCHA SNS | 6.1 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-3239 | Strong Testimonials <= 3.2.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via testimonial_view Shortcode — Strong Testimonials | 6.4 | Medium | 2026-04-08 |
| CVE-2026-3600 | Investi <= 1.0.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'maximum-num-years' Shortcode Attribute — Investi | 6.4 | Medium | 2026-04-08 |
| CVE-2026-3513 | TableOn – WordPress Posts Table Filterable <= 1.0.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute — TableOn – WordPress Posts Table Filterable | 6.4 | Medium | 2026-04-08 |
| CVE-2026-4785 | LatePoint <= 5.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — LatePoint – Calendar Booking Plugin for Appointments and Events | 6.4 | Medium | 2026-04-08 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21489 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.