12 matches found
CVE-2026-6704
The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
WordPress Blog Settings plugin <= 1.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Julian Chibuike Nwadinobi Wackydawg - streamio in WordPress Plugin Blog Settings versions = 1.0...
EUVD-2026-27209
The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2026-6704
The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2026-6704 Blog Settings <= 1.0 - Reflected Cross-Site Scripting via 'page' Parameter
The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2026-6704 Blog Settings <= 1.0 - Reflected Cross-Site Scripting via 'page' Parameter
The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2026-6704
The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
WordPress plugin Blog Settings 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
PT-2026-36961
Name of the Vulnerable Software and Affected Versions Blog Settings plugin for WordPress versions prior to 1.1 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts. This occurs via the page parameter, enabling scripts to...
CVE-2026-5144
The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the groupblog-blogid, default-member, and groupblog-silent-add parameters from user input without proper...
Like Button Rating < 2.5.4 - Unauthenticated Arbitrary Blog Settings Change
In the init action, this plugin checked to see if $POST'likebtnimportconfig' is empty. If it’s not empty then it base64-decodes the string, parses it as JSON, and starts changing options. This could allow attackers to change blog settings such as the Site Title. The below form will set the “Site...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the 1 report parameter to blog/settings or 2 error parameter to users/index...