64 matches found
CVE-2026-39483
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hidekazu Ishikawa VK All in One Expansion Unit vk-all-in-one-expansion-unit allows Stored XSS.This issue affects VK All in One Expansion Unit: from n/a through = 9.113.3...
EUVD-2026-20150
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hidekazu Ishikawa VK All in One Expansion Unit vk-all-in-one-expansion-unit allows Stored XSS.This issue affects VK All in One Expansion Unit: from n/a through = 9.113.3...
CVE-2026-39483
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hidekazu Ishikawa VK All in One Expansion Unit vk-all-in-one-expansion-unit allows Stored XSS.This issue affects VK All in One Expansion Unit: from n/a through = 9.113.3...
CVE-2026-39483
CVE-2026-39483 pertains to the WordPress VK All in One Expansion Unit plugin (versions up to 9.113.3). The Red Hat/NVD/EUVD/NVD-style records describe an stored XSS vulnerability caused by improper neutralization of user input during web page generation. Affected component is VK All in One Expans...
CVE-2026-39483 WordPress VK All in One Expansion Unit plugin <= 9.113.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hidekazu Ishikawa VK All in One Expansion Unit vk-all-in-one-expansion-unit allows Stored XSS.This issue affects VK All in One Expansion Unit: from n/a through = 9.113.3...
PT-2026-31122
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hidekazu Ishikawa VK All in One Expansion Unit vk-all-in-one-expansion-unit allows Stored XSS.This issue affects VK All in One Expansion Unit: from n/a through = 9.113.3...
WordPress VK All in One Expansion Unit plugin <= 9.113.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin VK All in One Expansion Unit versions = 9.113.3...
CVE-2025-11737 VK All in One Expansion Unit <= 9.112.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via SNS Title
The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'vkExUnitsnstitle' parameter in all versions up to, and including, 9.112.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
CVE-2025-11737
The VK All in One Expansion Unit for WordPress is affected by CVE-2025-11737: Stored Cross-Site Scripting via the vkExUnit_sns_title/SNS title parameter in all versions up to 9.112.3. Exploitation requires Contributor+ authenticated access; payloads execute when users load injected pages. Support...
WordPress plugin VK All in One Expansion Unit 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress VK All in One Expansion Unit plugin <= 9.112.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via SNS Title vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via SNS Title vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin VK All in One Expansion Unit versions = 9.112.3...
WordPress VK All in One Expansion Unit plugin <= 9.112.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Rafshanzani Suhada in WordPress Plugin VK All in One Expansion Unit versions = 9.112.1...
WordPress plugin VK All in One Expansion Unit 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...
WordPress plugin VK All in One Expansion Unit 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...
CVE-2023-28367
Cross-site scripting vulnerability in CTA post function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script...
CVE-2023-0937
The VK All in One Expansion Unit WordPress plugin before 9.87.1.0 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2024-52268
Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the product...
CVE-2024-52268
Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the product...
CVE-2024-52268
Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the product...
CVE-2024-52268
The CVE-2024-52268 entry concerns the VK All in One Expansion Unit WordPress plugin. A stored cross-site scripting (CWE-79) vulnerability affects versions prior to 9.100.1.0, allowing an attacker to execute arbitrary JavaScript in a user’s browser when visiting a site using the vulnerable plugin....