Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21546

21546 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-48263 WordPress MultiVendorX plugin <= 4.2.22 - Cross Site Scripting (XSS) Vulnerability — MultiVendorX 6.5 Medium2025-05-19
CVE-2025-48258 WordPress Mega Menu Block plugin <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability — Mega Menu Block 6.5 Medium2025-05-19
CVE-2025-48256 WordPress Import Social Events plugin <= 1.8.5 - Cross Site Scripting (XSS) Vulnerability — Import Social Events 6.5 Medium2025-05-19
CVE-2025-48254 WordPress Change Add to Cart Button Text for WooCommerce plugin <= 2.2.2 - Cross Site Scripting (XSS) Vulnerability — Change Add to Cart Button Text for WooCommerce 6.5 Medium2025-05-19
CVE-2025-48252 WordPress Back Button Widget plugin <= 1.6.8 - Cross Site Scripting (XSS) Vulnerability — Back Button Widget 6.5 Medium2025-05-19
CVE-2025-48253 WordPress Free Shipping Bar: Amount Left for Free Shipping for WooCommerce plugin <= 2.4.6 - Cross Site Scripting (XSS) Vulnerability — Free Shipping Bar: Amount Left for Free Shipping for WooCommerce 6.5 Medium2025-05-19
CVE-2025-48251 WordPress Additional Custom Emails & Recipients for WooCommerce plugin <= 3.5.1 - Cross Site Scripting (XSS) Vulnerability — Additional Custom Emails & Recipients for WooCommerce 6.5 Medium2025-05-19
CVE-2025-48250 WordPress Coupons & Add to Cart by URL Links for WooCommerce plugin <= 1.7.7 - Cross Site Scripting (XSS) Vulnerability — Coupons & Add to Cart by URL Links for WooCommerce 6.5 Medium2025-05-19
CVE-2025-48249 WordPress EAN for WooCommerce plugin <= 5.4.6 - Cross Site Scripting (XSS) Vulnerability — EAN for WooCommerce 6.5 Medium2025-05-19
CVE-2025-48248 WordPress Sitewide Discount for WooCommerce: Apply Discount to All Products plugin <= 2.2.1 - Cross Site Scripting (XSS) Vulnerability — Sitewide Discount for WooCommerce: Apply Discount to All Products 6.5 Medium2025-05-19
CVE-2025-48244 WordPress Exclusive Addons Elementor plugin <= 2.7.9 - Cross Site Scripting (XSS) Vulnerability — Exclusive Addons Elementor 5.9 Medium2025-05-19
CVE-2025-48240 WordPress Cost of Goods for WooCommerce plugin <= 3.7.0 - Cross Site Scripting (XSS) Vulnerability — Cost of Goods for WooCommerce 6.5 Medium2025-05-19
CVE-2025-48239 WordPress Product Notes Tab & Private Admin Notes for WooCommerce plugin <= 3.1.0 - Cross Site Scripting (XSS) Vulnerability — Product Notes Tab & Private Admin Notes for WooCommerce 6.5 Medium2025-05-19
CVE-2025-48237 WordPress Wishlist for WooCommerce plugin <= 3.2.2 - Cross Site Scripting (XSS) Vulnerability — Wishlist for WooCommerce 6.5 Medium2025-05-19
CVE-2025-48235 WordPress WP Image Mask plugin <= 3.1.2 - Cross Site Scripting (XSS) Vulnerability — WP Image Mask 6.5 Medium2025-05-19
CVE-2025-48236 WordPress bunny.net plugin <= 2.3.0 - Cross Site Scripting (XSS) Vulnerability — bunny.net 8.5 High2025-05-19
CVE-2025-48234 WordPress Ultimate Blocks plugin <= 3.3.0 - Cross Site Scripting (XSS) Vulnerability — Ultimate Blocks 6.5 Medium2025-05-19
CVE-2025-48232 WordPress Xpro Addons For Beaver Builder – Lite plugin <= 1.5.5 - Cross Site Scripting (XSS) Vulnerability — Xpro Addons For Beaver Builder – Lite 6.5 Medium2025-05-19
CVE-2025-32999 appleple a-blog cms 跨站脚本漏洞 — a-blog cms 5.4 Medium2025-05-19
CVE-2025-2892 All in One SEO Pack <= 4.8.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Description and Canonical URL — All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic 6.4 Medium2025-05-19
CVE-2025-4862 PHPGurukul Directory Management System searchdata.php cross site scripting — Directory Management System 4.3 Medium2025-05-18
CVE-2025-3715 Bold Page Builder <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-text' Parameter — Bold Page Builder 6.4 Medium2025-05-18
CVE-2025-4860 D-Link DAP-2695 Static Pool Settings Page adv_dhcps.php cross site scripting — DAP-2695 2.4 Low2025-05-18
CVE-2025-4859 D-Link DAP-2695 MAC Bypass Settings Page adv_macbypass.php cross site scripting — DAP-2695 2.4 Low2025-05-18
CVE-2025-4858 D-Link DAP-2695 ARP Spoofing Prevention Page adv_arpspoofing.php cross site scripting — DAP-2695 2.4 Low2025-05-18
CVE-2025-4852 TOTOLINK A3002R VPN Page cross site scripting — A3002R 2.4 Low2025-05-18
CVE-2025-47931 LibreNMS stored Cross-site Scripting vulnerability in poller group name — librenms 5.4AIMediumAI2025-05-17
CVE-2025-3888 Jupiterx Core <= 4.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Inline SVG — Jupiter X Core 6.4 Medium2025-05-17
CVE-2025-4669 Booking Calendar <= 10.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpbc Shortcode — Booking Calendar 6.4 Medium2025-05-17
CVE-2025-4610 WP-Members <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_user_memberships Shortcode — WP-Members Membership Plugin 6.4 Medium2025-05-17

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21546 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.