17 matches found
CVE-2025-12034
The Fast Velocity Minify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
WordPress plugin Fast Velocity Minify 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
EUVD-2025-35930
The Fast Velocity Minify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2025-12034
The Fast Velocity Minify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2025-12034
The CVE concerns the WordPress plugin Fast Velocity Minify (versions up to 3.5.1). It describes a Stored Cross-Site Scripting vulnerability via admin settings caused by insufficient input sanitization and output escaping. Affected condition: multi-site installations and installations where unfilt...
CVE-2025-12034 Fast Velocity Minify <= 3.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting
The Fast Velocity Minify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2025-12034 Fast Velocity Minify <= 3.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting
The Fast Velocity Minify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
WordPress Fast Velocity Minify plugin <= 3.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Cody Sixteen in WordPress Plugin Fast Velocity Minify versions = 3.5.1...
PT-2025-43724
Name of the Vulnerable Software and Affected Versions Fast Velocity Minify versions prior to 3.5.1 Description The Fast Velocity Minify plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allow authenticate...
EUVD-2019-9571
Malware in sbrugna...
CVE-2019-19983
In the WordPress plugin, Fast Velocity Minify before 2.7.7, the full web root path to the running WordPress application can be discovered. In order to exploit this vulnerability, FVM Debug Mode needs to be enabled and an admin-ajax request needs to call the fastvelocityminfiles action...
CVE-2019-19983
In the WordPress plugin, Fast Velocity Minify before 2.7.7, the full web root path to the running WordPress application can be discovered. In order to exploit this vulnerability, FVM Debug Mode needs to be enabled and an admin-ajax request needs to call the fastvelocityminfiles action...
Design/Logic Flaw
In the WordPress plugin, Fast Velocity Minify before 2.7.7, the full web root path to the running WordPress application can be discovered. In order to exploit this vulnerability, FVM Debug Mode needs to be enabled and an admin-ajax request needs to call the fastvelocityminfiles action...
CVE-2019-19983
The CVE-2019-19983 vulnerability affects the WordPress plugin Fast Velocity Minify (before 2.7.7). The issue arises from the plugin exposing the full web root path of the WordPress installation, enabling an attacker to discover sensitive filesystem information when FVM Debug Mode is enabled and a...
CVE-2019-19983
In the WordPress plugin, Fast Velocity Minify before 2.7.7, the full web root path to the running WordPress application can be discovered. In order to exploit this vulnerability, FVM Debug Mode needs to be enabled and an admin-ajax request needs to call the fastvelocityminfiles action...
Fast Velocity Minify Full Path Leakage Vulnerability
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site.Fast Velocity Minify is used in which an open source page content fast loading plugin . A security vulnerability exists in...
Fast Velocity Minify < 2.7.7 - Full Path Disclosure
The Fast Velocity Minify WordPress plugin was affected by a Full Path Disclosure security vulnerability...