16 matches found
CVE-2026-6174
The CC Child Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'more' parameter in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access a...
CVE-2026-6174 CC Child Pages <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'more' Parameter
The CC Child Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'more' parameter in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access a...
CVE-2026-6174
The CC Child Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'more' parameter in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access a...
CVE-2026-6174
The CVE-2026-6174 issue affects the WordPress CC Child Pages plugin. All versions up to and including 2.1.1 are vulnerable to Stored Cross-Site Scripting via the 'more' parameter due to insufficient input sanitization and output escaping. Authenticated attackers with Contributor-level access and ...
WordPress plugin CC Child Pages 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress CC Child Pages plugin <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'child_pages' Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'childpages' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin CC Child Pages versions = 2.0.0...
CVE-2025-13608
The CC Child Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'childpages' shortcode in all versions up to, and including, 2.0.0. This is due to insufficient input sanitization and output escaping on four user-supplied attributes usecustomlink, usecustomlinktarget,...
CVE-2025-13608 CC Child Pages <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'child_pages' Shortcode
The CC Child Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'childpages' shortcode in all versions up to, and including, 2.0.0. This is due to insufficient input sanitization and output escaping on four user-supplied attributes usecustomlink, usecustomlinktarget,...
CVE-2022-4776
The CC Child Pages WordPress plugin before 1.43 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...
CVE-2022-4776
The CC Child Pages WordPress plugin before 1.43 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...
CVE-2022-4776
The CC Child Pages WordPress plugin before 1.43 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...
CVE-2022-4776 CC Child Pages < 1.43 - Contributor+ Stored XSS via Shortcode
The CC Child Pages WordPress plugin before 1.43 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...
CVE-2022-4776 CC Child Pages < 1.43 - Contributor+ Stored XSS via Shortcode
The CC Child Pages WordPress plugin before 1.43 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...
CVE-2022-4776
The CVE-2022-4776 entry concerns the CC Child Pages WordPress plugin, before version 1.43. The vulnerability arises because certain shortcode attributes are not validated or escaped before being echoed in the page output, enabling Stored XSS. The attack surface allows users with as little as Cont...
WordPress plugin CC Child Pages 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress CC Child Pages Plugin < 1.43 is vulnerable to Cross Site Scripting (XSS)
Software CC Child Pages Type Plugin Vulnerable versions 1.43 Fixed in 1.43 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4776 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID a6bb713113e2 Credits Lana Codes Required...