CVE-2025-13311

The Just Highlight plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Highlight Color' setting in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

CVE-2025-13311 Just Highlight <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Highlight Color' Setting

The Just Highlight plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Highlight Color' setting in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

WordPress Just Highlight plugin <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Highlight Color' Setting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'Highlight Color' Setting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Just Highlight versions = 1.0.3...

CVE-2024-13896

The WP-GeSHi-Highlight — rock-solid syntax highlighting for 259 languages WordPress plugin through 1.4.3 processes user-supplied input as a regular expression via the wpgeshifilterreplacecode function, which could lead to Regular Expression Denial of Service ReDoS issue...

CVE-2024-13896

The WP-GeSHi-Highlight — rock-solid syntax highlighting for 259 languages WordPress plugin through 1.4.3 processes user-supplied input as a regular expression via the wpgeshifilterreplacecode function, which could lead to Regular Expression Denial of Service ReDoS issue...

CVE-2024-56297

CVE-2024-56297 is a Stored XSS in the WordPress Highlight plugin (dn88 Highlight). Affected range: from n/a through 2.0.2. Root cause per description: Improper Neutralization of Input During Web Page Generation. Impact is limited to stored XSS in pages generated by the plugin; exploitation detail...

CVE-2024-56297 WordPress Highlight plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dn88 Highlight allows Stored XSS.This issue affects Highlight: from n/a through 2.0.2...

WordPress plugin Highlight 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Highlight plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Pham Van Tam Patchstack Alliance in WordPress Plugin Highlight versions = 2.0.2...

WordPress plugin Highlight 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

SUSE CVE-2012-4548

Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in argument to the highlight command...

WordPress cross-site scripting vulnerability

WordPress is the WordPress Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.A cross-site scripting vulnerability exists in Wordpress Plugin Highlight, which stems from the...

CVE-2021-24591

The Highlight WordPress plugin before 0.9.3 does not sanitise its CustomCSS setting, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2021-24591 Highlight < 0.9.3 - Authenticated Stored Cross-Site Scripting

The Highlight WordPress plugin before 0.9.3 does not sanitise its CustomCSS setting, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

WordPress plugin Highlight 跨站脚本漏洞

WordPress is the WordPress Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.A cross-site scripting vulnerability exists in Wordpress Plugin Highlight, which stems from the...

Joomla! 3.0.2 PHP Object Injection

------------------------------------------------------------------- Joomla! request-get'highlight', null, 'base64'; 58. $terms = $terms ? unserializebase64decode$terms : null; User input passed through the "highlight" parameter is not properly sanitized before being used in an unserialize call at...

CVE-2008-4557

plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 aka Strawberry allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression...