2 matches found
CVE-2026-10551
The Breeze Cache WordPress plugin before 2.5.6 is vulnerable to unauthenticated Stored XSS due to a predictable replacement hash used during HTML minification and an abused regular expression, enabling an attacker to inject arbitrary HTML attributes in the final HTML output by predicting the plac...
EUVD-2026-11751
wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through unescaped attachment URLs in HTML output by exploiting the WpdiscuzHelperUpload class. Attackers can craft malicious attachment records or filter hooks to inject arbitrary...