17 matches found
CVE-2025-68525 WordPress Category Icon plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixelgrade Category Icon category-icon allows Stored XSS. This issue affects Category Icon: from n/a through <= 1.0.2...
CVE-2025-58837 WordPress SS Font Awesome Icon Plugin <= 4.1.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shiful H SS Font Awesome Icon ss-font-awesome-icon allows Stored XSS. This issue affects SS Font Awesome Icon: from n/a through <= 4.1.3...
CVE-2025-58837
CVE-2025-58837 : WordPress SS Font Awesome Icon plugin (versions
WordPress SS Font Awesome Icon Plugin <= 4.1.3 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Mika in WordPress Plugin SS Font Awesome Icon versions <= 4.1.3...
CVE-2024-8915
The Category Icon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, ...
WordPress Category Icon plugin <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Category Icon versions <= 1.0.0...
WordPress Category Icon Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: Category Icon; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: 1.0.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8915; Patch priority: Low; CVSS severity: Low (5.9); PSID: 0f4c7d2ae8cd; Credits: Francesco Carlucci; Require...
PT-2024-39316 · WordPress · Category Icon
Name of the Vulnerable Software and Affected Versions: Category Icon plugin for WordPress versions up to, and including, 1.0.0 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticate...
CVE-2024-9272 R Animated Icon Plugin <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The R Animated Icon Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...
CloudBees Jenkins Cross-Site Scripting Vulnerability (CNVD-2020-52608)
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and to run scheduled tasks. Jenkins Custom Job Icon plugi...
CVE-2020-2264
Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape the job descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission...
CVE-2020-2264
Summary: CVE-2020-2264 affects Jenkins Custom Job Icon Plugin (versions 0.2 and earlier). The vulnerability is a stored XSS caused by failing to escape job descriptions in tooltips. Exploitation requires the attacker to have Job/Configure permission. Impact: stored XSS that can execute client-side co...
CVE-2019-14216
An issue was discovered in the svg-vector-icon-plugin aka WP SVG Icons plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file...
CVE-2019-14216
The CVE-2019-14216 issue affects the WordPress WP SVG Icons plugin (svg-vector-icon-plugin) up to version 3.2.1. The vulnerability arises from CSRF in wp-admin/admin.php?page=wp-svg-icons-custom-set, which mishandles Custom Icon uploads and allows an attacker to upload a ZIP containing a .php fil...