CVE-2025-58916

CVE-2025-58916 affects the WordPress plugin Munzir, specifically the myshouts-shoutbox component, prior to version 0.9. It is a Reflected XSS caused by improper input neutralization during web page generation. The CVSSv3.1 base score is 7.1 (HIGH); vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N. Red...

CVE-2025-58841 WordPress Media Author Plugin <= 1.0.4 - Broken Access Control Vulnerability

Incorrect Privilege Assignment vulnerability in John Luetke Media Author media-author allows Privilege Escalation.This issue affects Media Author: from n/a through = 1.0.4...

CVE-2025-58841 WordPress Media Author Plugin <= 1.0.4 - Broken Access Control Vulnerability

Incorrect Privilege Assignment vulnerability in John Luetke Media Author media-author allows Privilege Escalation.This issue affects Media Author: from n/a through = 1.0.4...

CVE-2025-58841

CVE-2025-58841 describes an Incorrect Privilege Assignment (Broken Access Control) vulnerability in the WordPress Media Author plugin, affecting versions from n/a up to 1.0.4. The issue could enable privilege escalation. Connected sources corroborate the affected software and vulnerability class,...

CVE-2025-30808 WordPress About Author plugin <= 1.6.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Weblizar - WordPress Themes & Plugin About Author about-author allows Reflected XSS.This issue affects About Author: from n/a through = 1.6.2...

CVE-2025-30808

CVE-2025-30808 is a reflected XSS in the WordPress plugin About Author . Connected docs confirm the issue affects the plugin’s vulnerability surface up to version 1.6.2 . Root cause: Improper Neutralization of Input During Web Page Generation . Impact, as per metrics: High (CVSS 3.1 base 7.1) wit...

WordPress About Author plugin <= 1.6.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin About Author versions = 1.6.2...

WordPress Product Author for WooCommerce plugin <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Product Author for WooCommerce versions = 1.0.7...

WordPress WP About Author plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by theviper17 in WordPress Plugin WP About Author versions = 1.5...

CVE-2025-27323 WordPress WP About Author plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jon Bishop WP About Author wp-about-author allows DOM-Based XSS.This issue affects WP About Author: from n/a through = 1.5...

WordPress plugin WP About Author 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2024-56247 WordPress WP Post Author plugin <= 3.8.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AF themes WP Post Author wp-post-author allows SQL Injection.This issue affects WP Post Author: from n/a through = 3.8.2...

WordPress WP Post Author plugin <= 3.8.1 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by Lesor101 in WordPress Plugin WP Post Author versions = 3.8.1...

WordPress WP Post Author Plugin <= 3.8.1 is vulnerable to SQL Injection

Software WP Post Author Type Plugin Vulnerable versions = 3.8.1 Fixed in 3.8.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-8757 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 459e7e4ad115 Credits Lesor101 Required privilege Administrator Published...

WordPress WP Post Author plugin <= 3.6.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin WP Post Author versions = 3.6.7...

WordPress WP Post Author Plugin <= 3.6.7 is vulnerable to Cross Site Scripting (XSS)

Software WP Post Author Type Plugin Vulnerable versions = 3.6.7 Fixed in 3.6.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37101 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 123a43620732 Credits Khalid Yusuf Required privilege...

CVE-2024-34389 WordPress WP Post Author plugin <= 3.6.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in AF themes WP Post Author.This issue affects WP Post Author: from n/a through 3.6.4...

WordPress plugin WP Post Author 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Guest Author < 2.4 - Authenticated (Author+) Stored Cross-Site Scripting

Description The Guest Author plugin for WordPress is vulnerable to Stored Cross-Site Scripting via author name in versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, ...

WordPress Guest Author Plugin <= 2.3 is vulnerable to Cross Site Scripting (XSS)

Software Guest Author Type Plugin Vulnerable versions = 2.3 Fixed in 2.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49747 Patch priority Medium CVSS severity Medium 5.9 Developer WebFactory Ltd. PSID ddb592007f62 Credits emad Required privilege Author Publishe...