Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21521

21521 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2026-2735 Stored Cross-Site Scripting (XSS) vulnerability in Alkacon's OpenCms — OpenCms 5.4 -2026-02-19
CVE-2026-27094 WordPress CoBlocks plugin <= 3.1.16 - Cross Site Scripting (XSS) vulnerability — CoBlocks 6.5 Medium2026-02-19
CVE-2026-27069 WordPress Soledad theme <= 8.7.2 - Cross Site Scripting (XSS) vulnerability — Soledad 6.5 Medium2026-02-19
CVE-2026-27074 WordPress Shortcoder plugin <= 6.5.1 - Cross Site Scripting (XSS) vulnerability — Shortcoder 6.5 Medium2026-02-19
CVE-2026-27058 WordPress Penci Podcast plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability — Penci Podcast 6.5 Medium2026-02-19
CVE-2026-27059 WordPress Penci Recipe plugin <= 4.1 - Cross Site Scripting (XSS) vulnerability — Penci Recipe 6.5 Medium2026-02-19
CVE-2026-27057 WordPress Penci Filter Everything plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability — Penci Filter Everything 6.5 Medium2026-02-19
CVE-2026-25472 WordPress Fusion Builder plugin <= 3.14.1 - Cross Site Scripting (XSS) vulnerability — Fusion Builder 6.5 Medium2026-02-19
CVE-2026-25463 WordPress Wpresidence Core plugin <= 5.4.0 - Cross Site Scripting (XSS) vulnerability — Wpresidence Core 6.5 Medium2026-02-19
CVE-2026-25451 WordPress Bold Page Builder plugin <= 5.6.9 - Cross Site Scripting (XSS) vulnerability — Bold Page Builder 6.5 Medium2026-02-19
CVE-2026-25453 WordPress Advanced iFrame plugin <= 2025.10 - Cross Site Scripting (XSS) vulnerability — Advanced iFrame 6.5 Medium2026-02-19
CVE-2026-25432 WordPress Omnipress plugin <= 1.6.7 - Cross Site Scripting (XSS) vulnerability — Omnipress 6.5 Medium2026-02-19
CVE-2026-25362 WordPress FooGallery plugin <= 3.1.11 - Cross Site Scripting (XSS) vulnerability — FooGallery 5.9 Medium2026-02-19
CVE-2026-25343 WordPress WP SMS plugin <= 7.1 - Cross Site Scripting (XSS) vulnerability — WP SMS 5.9 Medium2026-02-19
CVE-2026-25331 WordPress WP Activity Log plugin <= 5.5.4 - Cross Site Scripting (XSS) vulnerability — WP Activity Log 6.5 Medium2026-02-19
CVE-2026-25305 WordPress XStore theme <= 9.6.4 - Cross Site Scripting (XSS) vulnerability — XStore 6.5 Medium2026-02-19
CVE-2026-25307 WordPress XStore Core plugin < 5.7 - Cross Site Scripting (XSS) vulnerability — XStore Core 6.5 Medium2026-02-19
CVE-2026-25004 WordPress CM Business Directory plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability — CM Business Directory 5.9 Medium2026-02-19
CVE-2026-24392 WordPress HurryTimer plugin <= 2.14.2 - Cross Site Scripting (XSS) vulnerability — HurryTimer 5.9 Medium2026-02-19
CVE-2026-1055 TalkJS <= 0.1.15 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'welcomeMessage' Parameter — TalkJS 4.4 Medium2026-02-19
CVE-2026-1373 Easy Author Image <= 1.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Picture URL — Easy Author Image 6.4 Medium2026-02-19
CVE-2025-14445 Image Hotspot by DevVN <= 1.2.9 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Field Meta — Image Hotspot by DevVN 6.4 Medium2026-02-19
CVE-2026-0561 Shield Security <= 21.0.8 - Unauthenticated Reflected Cross-Site Scripting via 'message' Parameter — Shield: Blocks Bots, Protects Users, and Prevents Security Breaches 6.1 Medium2026-02-19
CVE-2025-14983 Advanced Custom Fields: Font Awesome <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Advanced Custom Fields: Font Awesome Field 6.4 Medium2026-02-19
CVE-2025-14452 WP Customer Reviews <= 3.7.5 - Reflected Cross-Site Scripting via 'wpcr3_fname' Parameter — WP Customer Reviews 7.2 High2026-02-19
CVE-2026-1044 Tennis Court Bookings <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Admin Settings and Calendar Parameters — Tennis Court Bookings 4.4 Medium2026-02-19
CVE-2025-14851 YaMaps for WordPress <= 0.6.40 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Parameters — YaMaps for WordPress Plugin 6.4 Medium2026-02-19
CVE-2026-1043 PostmarkApp Email Integrator <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings — PostmarkApp Email Integrator 4.4 Medium2026-02-19
CVE-2025-14076 iXML – Google XML sitemap generator <= 0.6 - Reflected Cross-Site Scripting via 'iXML_email' Parameter — iXML – Google XML sitemap generator 6.1 Medium2026-02-19
CVE-2026-0549 Groups <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'groups_group_info' Shortcode — Groups 6.4 Medium2026-02-19

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21521 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.