PT-2026-5886

Name of the Vulnerable Software and Affected Versions SportsPress plugin for WordPress versions through 2.7.26 Description The SportsPress plugin for WordPress is susceptible to Local File Inclusion via the 'template name' attribute within shortcodes. This allows authenticated attackers with...

CVE-2022-2219

The Unyson WordPress plugin before 2.7.27 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

WordPress FooBox Image Lightbox Plugin < 2.7.27 is vulnerable to Cross Site Scripting (XSS)

Software FooBox Image Lightbox Type Plugin Vulnerable versions 2.7.27 Fixed in 2.7.27 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0aedda1b7b63 Credits Rafie Muhammad Patchstack...

PT-2023-17068 · WordPress · Ad Inserter

Name of the Vulnerable Software and Affected Versions: Ad Inserter WordPress plugin versions prior to 2.7.27 Description: The issue allows high privilege users, such as admins, to perform PHP Object Injection when a suitable gadget is present. This is due to the plugin unserializing user input...

Cross site scripting

The Unyson WordPress plugin before 2.7.27 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

WordPress plugin Unyson 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

WordPress Unyson plugin <= 2.7.26 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Raad Haddad in WordPress Unyson plugin versions = 2.7.26. Solution Update the WordPress to the latest available version at least 2.7.27...

Yellow Yard Searchbar <= 2.7.27 - Reflected Cross-Site Scripting

The plugin does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting /?searchjob="...

Cross site scripting

The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting XSS security vulnerability within the 'Singular Label' field parameter...

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Pods WordPress Plugin versions prior to 2.7.27, whi...