CVE-2026-1755

The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpattachmentimagealt’ post meta in all versions up to, and including, 0.13.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress Menu Icons by ThemeIsle plugin <= 0.13.20 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by lucsob in WordPress Plugin Menu Icons by ThemeIsle versions = 0.13.20...

WordPress plugin Menu Icons by ThemeIsle 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2025-61685

Mastra is a Typescript framework for building AI agents and assistants. Versions 0.13.8 through 0.13.20-alpha.0 are vulnerable to a Directory Traversal attack that results in the disclosure of directory listings. The code contains a security check to prevent path traversal for reading file...

CVE-2025-61685 Mastra Docs MCP Server `@mastra/mcp-docs-server` Leads to Information Exposure

Mastra is a Typescript framework for building AI agents and assistants. Versions 0.13.8 through 0.13.20-alpha.0 are vulnerable to a Directory Traversal attack that results in the disclosure of directory listings. The code contains a security check to prevent path traversal for reading file...

CVE-2025-61685

The CVE concerns Mastra (Typescript framework) with vulnerable versions 0.13.8–0.13.20-alpha.0, where a Directory Traversal flaw affects the MCP server package @mastra/mcp-docs-server. The issue stems from bypassable path-traversal checks in readMdxContent combined with a flawed execute path that...

CVE-2025-61685 Mastra Docs MCP Server `@mastra/mcp-docs-server` Leads to Information Exposure

Mastra is a Typescript framework for building AI agents and assistants. Versions 0.13.8 through 0.13.20-alpha.0 are vulnerable to a Directory Traversal attack that results in the disclosure of directory listings. The code contains a security check to prevent path traversal for reading file...

EUVD-2025-32426

Mastra is a Typescript framework for building AI agents and assistants. Versions 0.13.8 through 0.13.20-alpha.0 are vulnerable to a Directory Traversal attack that results in the disclosure of directory listings. The code contains a security check to prevent path traversal for reading file...

CVE-2025-61685 Mastra Docs MCP Server `@mastra/mcp-docs-server` Leads to Information Exposure

Mastra is a Typescript framework for building AI agents and assistants. Versions 0.13.8 through 0.13.20-alpha.0 are vulnerable to a Directory Traversal attack that results in the disclosure of directory listings. The code contains a security check to prevent path traversal for reading file...

PT-2025-40606

Name of the Vulnerable Software and Affected Versions Mastra versions 0.13.8 through 0.13.20-alpha.0 Description Mastra, a Typescript framework for building AI agents and assistants, is susceptible to a Directory Traversal issue. The framework includes a security check intended to prevent path...

Exposure of Information Through Directory Listing

Overview @mastra/mcp-docs-server is a MCP server for accessing Mastra.ai documentation, changelogs, and news. Affected versions of this package are vulnerable to Exposure of Information Through Directory Listing via the execute function. An attacker can access sensitive directory listings by...