type:xss — CVE vulnerabilities tagged 48984

48984 CVE security advisories tagged "type:xss" with AI Chinese analysis, CVSS, references and POCs.

The tag "type:xss" identifies Cross-Site Scripting, a critical web security vulnerability where attackers inject malicious scripts into trusted websites. This occurs when applications fail to properly validate or sanitize user input, allowing client-side code to execute within a victim's browser session. The significance of XSS lies in its ability to bypass same-origin policies: the injected script runs as if it came from the trusted site, enabling attackers to steal sensitive data like session cookies, credentials, or personal information, and to perform actions on behalf of the user. Typical scenarios include reflected XSS, where malicious links are sent via email or search results, and stored XSS, where scripts are permanently saved on target servers, such as in comment sections or forums. With over 48,000 associated CVEs, this widespread flaw remains a primary vector for web-based attacks, underscoring the necessity for robust input validation and output encoding practices in modern software development to protect users and the confidentiality of their data.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-53338 | WordPress re.place plugin <= 0.2.1 - Cross Site Request Forgery (CSRF) Vulnerability — re.place (CWE-352) | 7.1 | High | 2025-06-27 |
| CVE-2025-53332 | WordPress Track Everything plugin <= 2.0.1 - Cross Site Request Forgery (CSRF) Vulnerability — Track Everything (CWE-352) | 7.1 | High | 2025-06-27 |
| CVE-2025-53329 | WordPress Społecznościowa 6 PL 2013 plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) Vulnerability — Społecznościowa 6 PL 2013 (CWE-352) | 7.1 | High | 2025-06-27 |
| CVE-2025-53331 | WordPress RSS Digest plugin <= 1.5 - Cross Site Request Forgery (CSRF) Vulnerability — RSS Digest (CWE-352) | 7.1 | High | 2025-06-27 |
| CVE-2025-53325 | WordPress Beauty Contact Popup Form plugin <= 6.0 - Cross Site Scripting (XSS) Vulnerability — Beauty Contact Popup Form (CWE-79) | 5.9 | Medium | 2025-06-27 |
| CVE-2025-53321 | WordPress Raise The Money plugin <= 5.2 - Cross Site Scripting (XSS) Vulnerability — Raise The Money (CWE-79) | 6.5 | Medium | 2025-06-27 |
| CVE-2025-53320 | WordPress Free Downloads EDD plugin <= 1.0.4 - Cross Site Scripting (XSS) Vulnerability — Free Downloads EDD (CWE-79) | 6.5 | Medium | 2025-06-27 |
| CVE-2025-53317 | WordPress WPShapere Lite plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) Vulnerability — WPShapere - WordPress admin theme (CWE-352) | 7.1 | High | 2025-06-27 |
| CVE-2025-53315 | WordPress Relocate Upload plugin <= 0.24.1 - Cross Site Request Forgery (CSRF) Vulnerability — Relocate Upload (CWE-352) | 7.1 | High | 2025-06-27 |
| CVE-2025-53312 | WordPress OnionBuzz plugin <= 1.0.7 - Cross Site Request Forgery (CSRF) Vulnerability — OnionBuzz (CWE-352) | 7.1 | High | 2025-06-27 |
| CVE-2025-53313 | WordPress Twitch TV Embed Suite plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) Vulnerability — Twitch TV Embed Suite (CWE-352) | 7.1 | High | 2025-06-27 |
| CVE-2025-53311 | WordPress Navayan Subscribe plugin <= 1.13 - Cross Site Request Forgery (CSRF) Vulnerability — Navayan Subscribe (CWE-352) | 7.1 | High | 2025-06-27 |
| CVE-2025-53310 | WordPress HidePost plugin <= 2.3.8 - Cross Site Request Forgery (CSRF) Vulnerability — HidePost (CWE-352) | 7.1 | High | 2025-06-27 |
| CVE-2025-53308 | WordPress Image Slider With Description plugin <= 9.2 - Cross Site Request Forgery (CSRF) Vulnerability — Image Slider With Description (CWE-352) | 7.1 | High | 2025-06-27 |
| CVE-2025-53305 | WordPress WP Forum Server plugin <= 1.8.2 - Cross Site Request Forgery (CSRF) Vulnerability — WP Forum Server (CWE-352) | 7.1 | High | 2025-06-27 |
| CVE-2025-53301 | WordPress Theme Junkie Team Content plugin <= 0.1.1 - Cross Site Scripting (XSS) Vulnerability — Theme Junkie Team Content (CWE-79) | 6.5 | Medium | 2025-06-27 |
| CVE-2025-53300 | WordPress Podcast Feed Player Widget and Shortcode plugin <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability — Podcast Feed Player Widget and Shortcode (CWE-79) | 6.5 | Medium | 2025-06-27 |
| CVE-2025-53296 | WordPress EC Stars Rating plugin <= 1.0.11 - Cross Site Scripting (XSS) Vulnerability — EC Stars Rating (CWE-79) | 5.9 | Medium | 2025-06-27 |
| CVE-2025-53294 | WordPress Smart Agenda plugin <= 4.9 - Cross Site Scripting (XSS) Vulnerability — Smart Agenda (CWE-79) | 6.5 | Medium | 2025-06-27 |
| CVE-2025-53290 | WordPress WP Visual Sitemap plugin <= 1.0.2 - Cross Site Scripting (XSS) Vulnerability — WP Visual Sitemap (CWE-79) | 6.5 | Medium | 2025-06-27 |
| CVE-2025-53292 | WordPress WP DataTable plugin <= 0.2.7 - Cross Site Scripting (XSS) Vulnerability — WP DataTable (CWE-79) | 6.5 | Medium | 2025-06-27 |
| CVE-2025-53285 | WordPress Add & Replace Affiliate Links for Amazon plugin <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability — Add & Replace Affiliate Links for Amazon (CWE-79) | 5.9 | Medium | 2025-06-27 |
| CVE-2025-53287 | WordPress Quick Favicon plugin <= 0.22.8 - Cross Site Scripting (XSS) Vulnerability — Quick Favicon (CWE-79) | 5.9 | Medium | 2025-06-27 |
| CVE-2025-53282 | WordPress Thumbnail Editor plugin <= 2.3.3 - Cross Site Scripting (XSS) Vulnerability — Thumbnail Editor (CWE-79) | 6.5 | Medium | 2025-06-27 |
| CVE-2025-53279 | WordPress Popup addon for Ninja Forms plugin <= 3.4 - Cross Site Scripting (XSS) Vulnerability — Popup addon for Ninja Forms (CWE-79) | 6.5 | Medium | 2025-06-27 |
| CVE-2025-53280 | WordPress Football Pool plugin <= 2.12.5 - Cross Site Scripting (XSS) Vulnerability — Football Pool (CWE-79) | 6.5 | Medium | 2025-06-27 |
| CVE-2025-53278 | WordPress WP AdCenter plugin <= 2.6.0 - Cross Site Scripting (XSS) Vulnerability — WP AdCenter (CWE-79) | 6.5 | Medium | 2025-06-27 |
| CVE-2025-53275 | WordPress Leyka plugin <= 3.32.1 - Cross Site Scripting (XSS) vulnerability — Leyka (CWE-79) | 6.5 | Medium | 2025-06-27 |
| CVE-2025-53276 | WordPress Omnipress plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability — Omnipress (CWE-79) | 6.5 | Medium | 2025-06-27 |
| CVE-2025-53274 | WordPress WP Permalink Translator plugin <= 1.7.6 - Cross Site Request Forgery (CSRF) Vulnerability — WP Permalink Translator (CWE-352) | 7.1 | High | 2025-06-27 |

Vulnerabilities classified as type:xss represent 48984 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.