EUVD-2026-38634

FlatPress versions prior to commit 10be83c, contains a stored cross-site scripting vulnerability in comment and contact forms where name, URL, and email fields are rendered without proper output encoding in Smarty templates. Attackers can inject arbitrary HTML and JavaScript through these fields ...

CVE-2026-56785

FlatPress is affected by a stored cross-site scripting (XSS) vulnerability in comment and contact forms. Versions prior to commit 10be83c (FlatPress) render the name, URL, and email fields without proper output encoding in Smarty templates, allowing an attacker to inject arbitrary HTML/JavaScript...

CVE-2026-56785

FlatPress versions prior to commit 10be83c, contains a stored cross-site scripting vulnerability in comment and contact forms where name, URL, and email fields are rendered without proper output encoding in Smarty templates. Attackers can inject arbitrary HTML and JavaScript through these fields ...

PT-2026-51608

Name of the Vulnerable Software and Affected Versions FlatPress versions prior to commit 10be83c Description A stored cross-site scripting issue exists in comment and contact forms. The name, URL, and email fields are rendered without proper output encoding in Smarty templates. This allows...

WordPress plugin Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms 跨站请求伪造漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin Anti-Spam: Spam Protection | Block Spam Users,...

Wordpress Securimage-WP Plugin v3.2.4 URI-based XSS Vulnerability

Summary Securimage-WP adds powerful CAPTCHA protection to comment forms on posts and pages to help prevent comment spam from getting onto your site. Description Securimage-WP suffers from a XSS issue in 'siwptest.php' that uses the 'PHPSELF' variable. The vulnerability is present because there...