3 matches found
CVE-2025-13626
The myLCO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 0.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-13626
creationtimestamp| type| source ---|---|--- 2025-12-06 09:25:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m7comyfjos2s...
CVE-2025-13626
The CVE-2025-13626 entry concerns the WordPress plugin myLCO (versions up to and including 0.8.1) with a Reflected Cross-Site Scripting (XSS) vulnerability via $_SERVER['PHP_SELF'] due to insufficient input sanitization and output escaping. Unauthenticated attackers can potentially inject arbitra...