73 matches found
CVE-2025-11454 Specific Content For Mobile – Customize the mobile version without redirections <= 0.5.5 - Authenticated (Contributor+) SQL Injection
The Specific Content For Mobile – Customize the mobile version without redirections plugin for WordPress is vulnerable to SQL Injection via the eosscfmduplicatepostasdraft function in all versions up to, and including, 0.5.5 due to insufficient escaping on the user supplied parameter and lack of...
WordPress Nelio Content plugin <= 4.0.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Abu Hurayra in WordPress Plugin Nelio Content versions = 4.0.5...
EUVD-2024-34352
Malicious code in bioql PyPI...
CVE-2025-58857 WordPress Table of content Plugin <= 1.5.3.1 - Cross Site Request Forgery (CSRF) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in KaizenCoders Table of content content-table allows Stored XSS.This issue affects Table of content: from n/a through = 1.5.3.1...
CVE-2025-58851 WordPress Boxed Content Plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DigitalCourt Boxed Content boxed-content allows Stored XSS.This issue affects Boxed Content: from n/a through = 1.0...
WordPress Boxed Content Plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Mika in WordPress Plugin Boxed Content versions = 1.0...
WordPress plugin Table of content cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
WordPress elink – Embed Content plugin <= 1.1.0 - Authenticated (Contributor+) Insufficient Input Validation vulnerability
Authenticated Contributor+ Insufficient Input Validation vulnerability discovered by Shreyas Malhotra shreyas-malhotra in WordPress Plugin elink Embed Content versions = 1.1.0...
WordPress Structured Content plugin < 1.7.0 - Contributor Stored XSS vulnerability
Contributor Stored XSS vulnerability discovered by Krugov Aryom in WordPress Plugin Structured Content versions 1.7.0...
CVE-2025-3414
CVE-2025-3414 affects WordPress plugin Structured Content (JSON-LD) for the wpsc block, vulnerable before 1.7.0. The issue is that block options are not consistently validated/escaped before being output in a page/post where the block is embedded, enabling stored XSS by users with contributor rol...
PT-2025-33125 · WordPress · Structured Content (Json-Ld) #Wpsc
Name of the Vulnerable Software and Affected Versions: Structured Content JSON-LD wpsc WordPress plugin versions prior to 1.7.0 Description: The Structured Content JSON-LD wpsc WordPress plugin does not validate and escape certain block options before displaying them within a page or post,...
CVE-2025-4608 Structured Content <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via sc_fs_local_business Shortcode
The Structured Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's scfslocalbusiness shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2025-30643 · WordPress · Structured Content
Name of the Vulnerable Software and Affected Versions: Structured Content plugin for WordPress versions prior to 1.6.5 Description: The Structured Content plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin’s sc fs local business shortcode. Insufficient input...
CVE-2024-12153
The GDY Modular Content plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 0.9.92. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
WordPress plugin Flagged Content 跨站脚本漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabili...
WordPress plugin Insert or Embed Articulate Content into WordPress 代码问题漏洞
WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A code issue vulnerability exists in the WordPress plugin Insert or...
CVE-2025-31780 WordPress Append Content plugin <= 2.1.1 - CSRF to Settings Change vulnerability
Missing Authorization vulnerability in Andy Stratton Append Content allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Append Content: from n/a through 2.1.1...
WordPress Structured Content plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Structured Content versions = 1.6.3...
CVE-2025-30918 WordPress Structured Content plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Gordon Böhme Structured Content structured-content allows Stored XSS.This issue affects Structured Content: from n/a through = 1.6.3...
WordPress plugin Structured Content 跨站脚本漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabili...