12 matches found
PT-2026-1963
Name of the Vulnerable Software and Affected Versions AMP for WP plugin for WordPress versions prior to 1.1.11 Description The AMP for WP plugin for WordPress is susceptible to Stored Cross-Site Scripting through SVG file uploads. Insufficient sanitization of SVG file content allows for the...
EUVD-2021-10263
Malware in sbrugna...
CVE-2018-20838
ampforwpsavestepsdata in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS...
CVE-2024-7759 PWA For WP & AMP < 1.7.72 Administrator+ Stored XSS
The PWA for WP WordPress plugin before 1.7.72 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-32179 WordPress Maps for WP Plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in icopydoc Maps for WP maps-for-wp allows Stored XSS.This issue affects Maps for WP: from n/a through = 1.2.4...
CVE-2024-13648
The Maps for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MapOnePoint' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-13648 Maps for WP <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Maps for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MapOnePoint' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-13648
The CVE-2024-13648 entry for Maps for WP is supported by connected Wordfence details that describe a Stored Cross-Site Scripting via the MapOnePoint shortcode in all versions up to 1.2.4, exploitable by authenticated users with contributor+ privileges. The underlying issue is insufficient input s...
CVE-2024-11419
CVE-2024-11419 affects the Password for WP WordPress plugin (versions up to and including 1.3). The vulnerability arises from missing or incorrect nonce validation in get3_init_admin_page(), enabling unauthenticated attackers to update plugin settings and inject script via forged requests. Wordfe...
CVE-2024-27967 WordPress DSGVO All in one for WP plugin <= 4.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Michael Leithold DSGVO All in one for WP.This issue affects DSGVO All in one for WP: from n/a through 4.3...
CVE-2018-20838
Summary: CVE-2018-20838 concerns the WordPress AMP for WP plugin. The vulnerability, described as a stored XSS in the function ampforwp_save_steps_data, affects versions before 0.9.97.21. The underlying issue is lack of proper validation of client-side data in the plugin, enabling an attacker to ...
WordPress AMP for WP Plugin Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in ampforwpsavestepsdata in WordPress AMP for WP plugin versions...