26 matches found
CVE-2026-6549
The Logo Manager For Enamad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' attribute of the vcenamadnamad, vcenamadshamed, and vcenamadcustom shortcodes in all versions up to, and including, 0.7.4 due to insufficient input sanitization and output escaping on use...
EUVD-2026-31042
The Logo Manager For Enamad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' attribute of the vcenamadnamad, vcenamadshamed, and vcenamadcustom shortcodes in all versions up to, and including, 0.7.4 due to insufficient input sanitization and output escaping on use...
CVE-2026-6549
Technical details about CVE-2026-6549 are not publicly available in the provided documents; monitor for updates.
CVE-2026-6549 Logo Manager For Enamad <= 0.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute
The Logo Manager For Enamad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' attribute of the vcenamadnamad, vcenamadshamed, and vcenamadcustom shortcodes in all versions up to, and including, 0.7.4 due to insufficient input sanitization and output escaping on use...
CVE-2026-6549
The Logo Manager For Enamad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' attribute of the vcenamadnamad, vcenamadshamed, and vcenamadcustom shortcodes in all versions up to, and including, 0.7.4 due to insufficient input sanitization and output escaping on use...
CVE-2026-6549 Logo Manager For Enamad <= 0.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute
The Logo Manager For Enamad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' attribute of the vcenamadnamad, vcenamadshamed, and vcenamadcustom shortcodes in all versions up to, and including, 0.7.4 due to insufficient input sanitization and output escaping on use...
PT-2026-42069
Name of the Vulnerable Software and Affected Versions Logo Manager For Enamad versions prior to 0.7.5 Description The Logo Manager For Enamad plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping on user-supplied...
WordPress plugin Logo Manager For Enamad 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPress...
WordPress Logo Manager For Enamad plugin <= 0.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Logo Manager For Enamad versions = 0.7.4...
WordPress Logo Manager For Enamad plugin <= 0.7.1 - Admin+ Stored XSS via Widget vulnerability
Admin+ Stored XSS via Widget vulnerability discovered by Bob Matyas in WordPress Plugin Logo Manager For Enamad versions = 0.7.1...
CVE-2024-5170
The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape in its widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-5170 Logo Manager For Enamad <= 0.7.1 - Admin+ Stored XSS via Widget
The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape in its widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-5170
CVE-2024-5170 affects the WordPress plugin “Logo Manager For Enamad” (versions ≤ 0.7.1). The issue is that widget settings are not properly sanitized/escaped, which could allow a high-privilege user (e.g., Administrator) to perform a Stored XSS attack, even when unfiltered_html is disallowed (suc...
WordPress plugin Logo Manager For Enamad 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability exists in...
WordPress Logo Manager For Enamad Plugin <= 0.7.1 is vulnerable to Cross Site Scripting (XSS)
Software Logo Manager For Enamad Type Plugin Vulnerable versions = 0.7.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5170 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID db8eaece7c6c Credits Bob Matyas Require...
WordPress Logo Manager For Enamad plugin <= 0.7.0 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Logo Manager For Enamad versions = 0.7.0...
CVE-2024-4757
The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-4757
The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-4757 Logo Manager For Enamad <= 0.7.0 - Stored XSS via CSRF
The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-4757 Logo Manager For Enamad <= 0.7.0 - Stored XSS via CSRF
The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...