WordPress JupiterX Core plugin <= 4.14.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin JupiterX Core versions = 4.14.1...

CVE-2026-3533

The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on importpopuptemplates function as well as insufficient file type validation in the uploadfiles function in all versions up to, and including, 4.14.1. This makes it possible for Authenticat...

CVE-2026-3533

The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on importpopuptemplates function as well as insufficient file type validation in the uploadfiles function in all versions up to, and including, 4.14.1. This makes it possible for Authenticat...

CVE-2026-3533 JupiterX Core <= 4.14.1 - Authenticated (Subscriber+) Missing Authorization To Limited File Upload via Popup Template Import

The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on importpopuptemplates function as well as insufficient file type validation in the uploadfiles function in all versions up to, and including, 4.14.1. This makes it possible for Authenticat...

PT-2026-27264

Name of the Vulnerable Software and Affected Versions Jupiter X Core plugin for WordPress versions through 4.14.1 Description The Jupiter X Core plugin for WordPress is susceptible to limited file uploads because of missing authorization in the import popup templates function and inadequate file...

CVE-2025-62051

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AndonDesign UDesign Core u-design-core.This issue affects UDesign Core: from n/a through = 4.14.1...

PT-2025-45314

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AndonDesign UDesign Core u-design-core.This issue affects UDesign Core: from n/a through = 4.14.1...

EUVD-2021-21318

Malware in sbrugna...

CVE-2024-31370

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CodeIsAwesome AIKit aikit-wordpress-ai-writing-assistant-using-gpt3.This issue affects AIKit: from n/a through = 4.14.1...

PT-2024-34223 · Yith · Yith Woocommerce Product Add-Ons

Name of the Vulnerable Software and Affected Versions: YITH WooCommerce Product Add-Ons versions prior to 4.14.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations...

WordPress plugin YITH WooCommerce Product Add-Ons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

RHSA-2023:7672 Red Hat Security Advisory: OpenShift Virtualization 4.14.1 RPMs security and bug fix update

Bulletin has no description...

CVE-2024-31370

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CodeIsAwesome AIKit aikit-wordpress-ai-writing-assistant-using-gpt3.This issue affects AIKit: from n/a through = 4.14.1...

Moderate: Red Hat Security Advisory: OpenShift Virtualization 4.14.1 RPMs security and bug fix update

Red Hat OpenShift Virtualization release 4.14.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which giv...

This Week in Spring - May 3rd, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you doin? Im excited! This week Im speaking at the ArabJUG, and Ill be speaking at Microsofts huuuge JDConf event. Both of these are virtual. Then, next Monday, Im on a plane bound for London, UK, where Ill be speakin...

Cross site scripting

The WordPress Real Media Library WordPress plugin is vulnerable to Stored Cross-Site Scripting via the name parameter in the /inc/overrides/lite/rest/Folder.php file which allows author-level attackers to inject arbitrary web scripts in folder names, in versions up to and including 4.14.1...

CVE-2021-34668 WordPress Real Media Library <= 4.14.1 Author-only Stored Cross-Site Scripting

The WordPress Real Media Library WordPress plugin is vulnerable to Stored Cross-Site Scripting via the name parameter in the /inc/overrides/lite/rest/Folder.php file which allows author-level attackers to inject arbitrary web scripts in folder names, in versions up to and including 4.14.1...

CVE-2021-34668 WordPress Real Media Library <= 4.14.1 Author-only Stored Cross-Site Scripting

The WordPress Real Media Library WordPress plugin is vulnerable to Stored Cross-Site Scripting via the name parameter in the /inc/overrides/lite/rest/Folder.php file which allows author-level attackers to inject arbitrary web scripts in folder names, in versions up to and including 4.14.1...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

PT-2021-20636

Name of the Vulnerable Software and Affected Versions: WordPress Real Media Library plugin versions up to and including 4.14.1 Description: The issue allows author-level attackers to inject arbitrary web scripts in folder names via the name parameter in the /inc/overrides/lite/rest/Folder.php fil...