4 matches found
CVE-2026-8899 Auto Thumbnails <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Auto Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'thumbnails' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on the shortcode's 'width' and 'height' attributes in the athnthumbnail...
CVE-2026-8899 Auto Thumbnails <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Auto Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'thumbnails' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on the shortcode's 'width' and 'height' attributes in the athnthumbnail...
CVE-2026-8899
The CVE-2026-8899 entry concerns the WordPress Auto Thumbnail plugin (versions up to 1.0). Affected component is the athn_thumbnails() function handling the thumbnails shortcode; width and height attributes are unsafely concatenated into an HTML tag, leading to Stored Cross-Site Scripting. Explo...
WordPress Auto Thumbnails plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Auto Thumbnails versions = 1.0...