EUVD-2026-30893

The Contest Gallery plugin for WordPress is vulnerable to SQL Injection via the 'forminput' parameter in versions up to, and including, 28.1.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query inside the unauthenticat...

WordPress Contest Gallery plugin <= 28.1.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Contest Gallery versions = 28.1.6...

CVE-2025-9371

The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagetitle’ parameter in all versions up to, and including, 28.1.6 due to insufficient input sanitization and output escaping of theme breadcrumbs. This makes it possible for authenticated attackers, with...

PT-2025-41373

Name of the Vulnerable Software and Affected Versions Betheme theme for WordPress versions prior to 28.1.7 Description The theme is susceptible to Stored Cross-Site Scripting through the page title parameter. Insufficient input sanitization and output escaping in theme breadcrumbs allow...

WordPress Betheme plugin <= 28.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'page_title' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'pagetitle' vulnerability discovered by Zbigniew Piotrak in WordPress Theme Betheme versions = 28.1.6...