22 matches found
CVE-2026-57651
Contributor Cross Site Scripting XSS in Ghost Kit = 3.6.0 versions...
CVE-2026-57651
The CVE-2026-57651 entry documents a Cross Site Scripting (XSS) vulnerability in the WordPress Ghost Kit plugin versions ≤ 3.6.0. The issue is described consistently across sources as Ghost Kit XSS, with a CVSS v3.1 base score of 6.5 (Medium) and an attack vector of Network, user interaction requ...
EUVD-2026-39766
Contributor Cross Site Scripting XSS in Ghost Kit = 3.6.0 versions...
CVE-2026-57651 WordPress Ghost Kit plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability
Contributor Cross Site Scripting XSS in Ghost Kit = 3.6.0 versions...
WordPress Ghost Kit plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Ghost Kit versions = 3.6.0...
EUVD-2025-28535
Malicious code in bioql PyPI...
CVE-2025-9992
The Ghost Kit – Page Builder Blocks, Motion Effects & Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS field in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
CVE-2025-9992
The Ghost Kit – Page Builder Blocks, Motion Effects & Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS field in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
CVE-2025-9992 Ghost Kit <= 3.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Ghost Kit – Page Builder Blocks, Motion Effects & Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS field in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
CVE-2025-9992 Ghost Kit <= 3.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Ghost Kit – Page Builder Blocks, Motion Effects & Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS field in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
CVE-2025-9992
The CVE-2025-9992 entry concerns Ghost Kit – Page Builder Blocks, Motion Effects & Extensions for WordPress. It is vulnerable to Stored Cross-Site Scripting via the custom JS field in all versions up to and including 3.4.3, due to insufficient input sanitization and output escaping. Exploitation ...
WordPress plugin Ghost Kit 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-38307
Name of the Vulnerable Software and Affected Versions Ghost Kit – Page Builder Blocks, Motion Effects & Extensions plugin for WordPress versions through 3.4.3 Description The Ghost Kit – Page Builder Blocks, Motion Effects & Extensions plugin for WordPress is susceptible to Stored Cross-Site...
WordPress Ghost Kit plugin <= 3.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Ghost Kit versions = 3.4.3...
CVE-2025-53567
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in nK Ghost Kit ghostkit allows PHP Local File Inclusion.This issue affects Ghost Kit: from n/a through = 3.4.1...
CVE-2025-53567
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in nK Ghost Kit ghostkit allows PHP Local File Inclusion.This issue affects Ghost Kit: from n/a through = 3.4.1...
CVE-2025-53567
CVE-2025-53567 describes an unauthenticated Local File Inclusion in WordPress Ghost Kit (PHP) due to improper filename handling in Include/Require statements, affecting Ghost Kit versions up to 3.4.1. Reported CVSS v3.1 base score 8.1 (HIGH) with NETWORK attack vector, HIGH impact on confidential...
CVE-2025-53567 WordPress Ghost Kit <= 3.4.1 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in nK Ghost Kit allows PHP Local File Inclusion. This issue affects Ghost Kit: from n/a through 3.4.1...
CVE-2025-53567 WordPress Ghost Kit <= 3.4.1 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in nK Ghost Kit ghostkit allows PHP Local File Inclusion.This issue affects Ghost Kit: from n/a through = 3.4.1...
PT-2025-33987 · Unknown · Nk Ghost Kit
Name of the Vulnerable Software and Affected Versions: nK Ghost Kit versions through 3.4.1 Description: This issue involves improper control of filename handling for Include/Require statements in PHP programs, specifically a PHP Remote File Inclusion vulnerability that allows for PHP Local File...