CVE-2026-42759

CVE-2026-42759 describes a stored XSS in the WordPress plugin “Timo Affiliate Super Assistent amazonsimpleadmin,” caused by improper neutralization of input during web page generation. Affected: Affiliate Super Assistent versions from n/a through

EUVD-2020-4265

Malware in sbrugna...

CVE-2025-53307 WordPress Assistant Plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brent Jett Assistant allows Reflected XSS. This issue affects Assistant: from n/a through 1.5.2...

WordPress plugin Assistant 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress Assistant Plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Martin Herancourt in WordPress Plugin WordPress Assistant versions = 1.5.2...

CVE-2025-7641

The Assistant for NextGEN Gallery plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the /wp-json/nextgenassistant/v1.0.0/control REST endpoint in all versions up to, and including, 1.0.9. This makes it possible for unauthenticated...

CVE-2020-11928

In the media-library-assistant plugin before 2.82 for WordPress, Remote Code Execution can occur via the taxquery, metaquery, or datequery parameter in mlagallery via an admin...

CVE-2025-26885 WordPress Assistant Plugin <= 1.5.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Beaver Builder WordPress Assistant assistant allows Object Injection.This issue affects WordPress Assistant: from n/a through = 1.5.1...

CVE-2025-26885 WordPress Assistant Plugin <= 1.5.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Beaver Builder WordPress Assistant assistant allows Object Injection.This issue affects WordPress Assistant: from n/a through = 1.5.1...

CVE-2024-3518

The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes in all versions up to, and including, 3.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

WordPress plugin Assistant 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure vulnerabili...

CVE-2023-6985

The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the installplugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with...

CVE-2023-26516

Cross-Site Request Forgery CSRF vulnerability in WPIndeed Debug Assistant plugin = 1.4 versions...

CVE-2023-5798

The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wpremoteget, which could allow users with a role as low as Editor to perform SSRF attacks...

CVE-2023-5798 Assistant < 1.4.4 - Editor+ SSRF

The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wpremoteget, which could allow users with a role as low as Editor to perform SSRF attacks...

CVE-2023-24385

CVE-2023-24385 affects the WordPress Med ia Library Assistant plugin (author+ stored XSS) up to version 3.11. Root cause: insufficient escaping/validation of input leading to stored XSS when an authenticated user with author role submits data. Impact: stored cross-site scripting potential; can af...

CVE-2023-4634

The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mlastreamfile' parameter from the /includes/mla-stream-image.php file,...

CVE-2023-26527 WordPress Debug Assistant Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPIndeed Debug Assistant plugin = 1.4 versions...

CVE-2023-26527 WordPress Debug Assistant Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPIndeed Debug Assistant plugin = 1.4 versions...

WordPress Debug Assistant Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS)

Software Debug Assistant Type Plugin Vulnerable versions = 1.4 Fixed in 1.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-26527 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a881348f2d40 Credits Prasanna V Balaji Required...