8 matches found
CVE-2026-4078
The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes iteras-ordering, iteras-signup, iteras-paywall-login, iteras-selfservice in all versions up to and including 1.8.2. This is due to insufficient input sanitization and output escaping in the...
CVE-2026-4078
The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes iteras-ordering, iteras-signup, iteras-paywall-login, iteras-selfservice in all versions up to and including 1.8.2. This is due to insufficient input sanitization and output escaping in the...
CVE-2026-4078 ITERAS <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes iteras-ordering, iteras-signup, iteras-paywall-login, iteras-selfservice in all versions up to and including 1.8.2. This is due to insufficient input sanitization and output escaping in the...
PT-2026-34866
The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes iteras-ordering, iteras-signup, iteras-paywall-login, iteras-selfservice in all versions up to and including 1.8.2. This is due to insufficient input sanitization and output escaping in the combin...
WordPress ITERAS plugin <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin ITERAS versions = 1.8.2...
WordPress plugin ITERAS 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request...
WordPress ITERAS plugin <= 1.8.0 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin ITERAS versions = 1.8.0...
WordPress ITERAS Plugin <= 1.7.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software ITERAS Type Plugin Vulnerable versions = 1.7.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-53710 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID fe46f5e0e01b Credits SOPROBRO Required privilege...