17 matches found
CVE-2026-0608
The Head Meta Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'head-meta-data' post meta field in all versions up to, and including, 20251118 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress Head Meta Data plugin <= 20251118 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Post Meta vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Head Meta Data versions = 20251118...
CVE-2026-0608
The Head Meta Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'head-meta-data' post meta field in all versions up to, and including, 20251118 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-0608 Head Meta Data <= 20251118 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta
The Head Meta Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'head-meta-data' post meta field in all versions up to, and including, 20251118 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-0608
CVE-2026-0608 affects the Head Meta Data WordPress plugin. It is a Stored Cross-Site Scripting via the head-meta-data post meta field in all versions up to 20251118. Exploitation requires authenticated access at the Contributor level or higher, enabling injection of scripts that run when users vi...
CVE-2026-0608
The Head Meta Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'head-meta-data' post meta field in all versions up to, and including, 20251118 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-0608 Head Meta Data <= 20251118 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta
The Head Meta Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'head-meta-data' post meta field in all versions up to, and including, 20251118 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2026-3576
Name of the Vulnerable Software and Affected Versions Head Meta Data plugin for WordPress versions prior to 20251119 Description The Head Meta Data plugin for WordPress is susceptible to Stored Cross-Site Scripting through the head-meta-data post meta field. Insufficient input sanitization and...
WordPress plugin Head Meta Data: Cross-site Script Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress Head Meta Data plugin <= 20250327 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Jitlada in WordPress Plugin Head Meta Data versions = 20250327...
CVE-2025-66081
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeff Starr Head Meta Data head-meta-data allows Stored XSS.This issue affects Head Meta Data: from n/a through = 20250327...
EUVD-2025-198466
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeff Starr Head Meta Data head-meta-data allows Stored XSS.This issue affects Head Meta Data: from n/a through = 20250327...
CVE-2025-66081 WordPress Head Meta Data plugin <= 20250327 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeff Starr Head Meta Data head-meta-data allows Stored XSS.This issue affects Head Meta Data: from n/a through = 20250327...
CVE-2025-66081
CVE-2025-66081 affects the WordPress Head Meta Data plugin. The vulnerability is a stored XSS caused by improper input neutralization during web page generation, affecting versions up to and including 20250327. The CVSSv3.1 base score is 5.4 (Medium). Connected sources corroborate the stored XSS ...
CVE-2025-66081 WordPress Head Meta Data plugin <= 20250327 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeff Starr Head Meta Data head-meta-data allows Stored XSS.This issue affects Head Meta Data: from n/a through = 20250327...
WordPress plugin Head Meta Data 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-47750
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeff Starr Head Meta Data head-meta-data allows Stored XSS.This issue affects Head Meta Data: from n/a through = 20250327...