CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21519

21519 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-3353 | Comment SPAM Wiper <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'API Key' Setting — Comment SPAM Wiper | 4.4 | Medium | 2026-03-21 |
| CVE-2026-1911 | Twitter Feeds <= 1.0.0 - Authenticated (Contributor+) Cross-Site Scripting via 'tweet_title' Shortcode Attribute — Twitter Feeds | 6.4 | Medium | 2026-03-21 |
| CVE-2026-0609 | Logo Slider <= 4.9.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'logo-slider' Shortcode — Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin | 6.4 | Medium | 2026-03-21 |
| CVE-2026-1575 | Schema Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Schema Shortcode | 6.4 | Medium | 2026-03-21 |
| CVE-2026-1275 | Multi Post Carousel by Category <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'slides' Shortcode Attribute — Multi Post Carousel by Category | 6.4 | Medium | 2026-03-21 |
| CVE-2026-3617 | Paypal Shortcodes <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'amount' and 'name' Shortcode Attributes — Paypal Shortcodes | 6.4 | Medium | 2026-03-21 |
| CVE-2026-1908 | Integration with Hubspot Forms <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Integration with Hubspot Forms | 6.4 | Medium | 2026-03-21 |
| CVE-2026-3347 | Multi Functional Flexi Lightbox <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via 'message' Parameter — Multi Functional Flexi Lightbox | 5.5 | Medium | 2026-03-21 |
| CVE-2026-1647 | Comment Genius <= 1.2.5 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] — Comment Genius | 6.1 | Medium | 2026-03-21 |
| CVE-2026-2427 | itsukaita <= 0.1.2 - Reflected Cross-Site Scripting via 'day_from' Parameter — itsukaita | 6.1 | Medium | 2026-03-21 |
| CVE-2026-4072 | WordPress PayPal Donation <= 1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'amount' Shortcode Attribute — WordPress PayPal Donation | 6.4 | Medium | 2026-03-21 |
| CVE-2026-3333 | MinhNhut Link Gateway <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — MinhNhut Link Gateway | 6.4 | Medium | 2026-03-21 |
| CVE-2026-3619 | Sheets2Table <= 0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titles' Shortcode Attribute — Sheets2Table | 6.4 | Medium | 2026-03-21 |
| CVE-2026-3003 | Vagaro Booking Widget <= 0.3 - Unauthenticated Stored Cross-Site Scripting via 'vagaro_code' — Vagaro Booking Widget | 7.2 | High | 2026-03-21 |
| CVE-2026-3996 | WP Games Embed <= 0.1beta - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — WP Games Embed | 6.4 | Medium | 2026-03-21 |
| CVE-2026-1806 | Tour & Activity Operator Plugin for TourCMS <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Tour & Activity Operator Plugin for TourCMS | 6.4 | Medium | 2026-03-21 |
| CVE-2026-1899 | Any Post Slider <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'post_type' Shortcode Attribute — Any Post Slider | 6.4 | Medium | 2026-03-21 |
| CVE-2026-1247 | Survey <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings — Survey | 4.4 | Medium | 2026-03-21 |
| CVE-2026-1886 | Go Night Pro \| WordPress Dark Mode Plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'margin' Shortcode Attribute — Go Night Pro \| WordPress Dark Mode Plugin | 6.4 | Medium | 2026-03-21 |
| CVE-2026-1891 | Simple Football Scoreboard <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Simple Football Scoreboard | 6.4 | Medium | 2026-03-21 |
| CVE-2025-13910 | WP-WebAuthn <= 1.3.4 - Unauthenticated Stored Cross-Site Scripting — WP-WebAuthn | 6.1 | Medium | 2026-03-21 |
| CVE-2026-2496 | Ed's Font Awesome <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Ed's Font Awesome | 6.4 | Medium | 2026-03-21 |
| CVE-2026-4069 | Alfie – Feed Plugin <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'naam' Parameter — Alfie – Feed Plugin | 6.1 | Medium | 2026-03-21 |
| CVE-2026-2424 | Reward Video Ad for WordPress <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Admin Settings — Reward Video Ad for WordPress | 4.4 | Medium | 2026-03-21 |
| CVE-2026-4084 | fyyd podcast shortcodes <= 0.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute — fyyd podcast shortcodes | 6.4 | Medium | 2026-03-21 |
| CVE-2026-1093 | WPFAQBlock– FAQ & Accordion Plugin For Gutenberg <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute — WPFAQBlock– FAQ & Accordion Plugin For Gutenberg | 6.4 | Medium | 2026-03-21 |
| CVE-2026-2277 | rexCrawler <= 1.0.15 - Reflected Cross-Site Scripting via 'url' and 'regex' Parameters — rexCrawler | 6.1 | Medium | 2026-03-21 |
| CVE-2026-4067 | Ad Short <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'client' Shortcode Attribute — Ad Short | 6.4 | Medium | 2026-03-21 |
| CVE-2026-1851 | iVysilani Shortcode <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'width' Shortcode Attribute — iVysilani Shortcode | 6.4 | Medium | 2026-03-21 |
| CVE-2026-1889 | Outgrow <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'outgrow' Shortcode 'id' Attribute — Outgrow | 6.4 | Medium | 2026-03-21 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21519 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.