CVE-2025-10165

The AP Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advparallaxback' shortcode in all versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-10165 AP Background <= 3.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The AP Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advparallaxback' shortcode in all versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-10165

CVE-2025-10165 affects the WordPress plugin AP Background. A stored XSS flaw exists in the adv_parallax_back shortcode due to insufficient input sanitization and output escaping in versions up to 3.8.2, allowing authenticated users with contributor-level access or higher to inject and execute scr...

CVE-2025-9561

CVE-2025-9561 affects the WordPress AP Background plugin (versions 3.8.1–3.8.2). The issue is an arbitrary file upload vulnerability due to missing authorization and insufficient file validation in advParallaxBackAdminSaveSlider(), allowing authenticated attackers with Subscriber+ access to uploa...

WordPress AP Background plugin <= 3.8.2 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Nabil Irawan in WordPress Plugin AP Background versions = 3.8.2...

WordPress AP Background plugin 3.8.1-3.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload via advParallaxBackAdminSaveSlider Function vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary File Upload via advParallaxBackAdminSaveSlider Function vulnerability discovered by kr0d in WordPress Plugin AP Background versions 3.8.1-3.8.2...

WordPress plugin AP Background 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress AP Background plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of advparallaxback,...

PT-2025-40467

Name of the Vulnerable Software and Affected Versions AP Background plugin for WordPress versions prior to 3.8.3 Description The software contains a flaw that allows an attacker to inject malicious web scripts into pages. This is possible due to insufficient input sanitization and output escaping...