25 matches found
CVE-2025-14445
The Image Hotspot by DevVN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hotspotcontent' custom field meta in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-14445 Image Hotspot by DevVN <= 1.2.9 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Field Meta
The Image Hotspot by DevVN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hotspotcontent' custom field meta in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-14445
CVE-2025-14445 concerns the Image Hotspot by DevVN WordPress plugin. It allows Stored Cross‑Site Scripting via the hotspot_content custom field in all versions up to 1.2.9, requiring an authenticated attacker with author+ privileges. The impact described is that injected scripts execute when user...
WordPress Image Hotspot by DevVN plugin <= 1.2.9 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Field Meta vulnerability
Authenticated Author+ Stored Cross-Site Scripting via Custom Field Meta vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Image Hotspot by DevVN versions <= 1.2.9...
WordPress plugin Image Hotspot by DevVN cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-20618
The Image Hotspot by DevVN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hotspot content' custom field meta in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress Stratum plugin <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Google Maps and Image Hotspot Widgets vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Advanced Google Maps and Image Hotspot Widgets vulnerability discovered by zer0gh0st in WordPress Plugin Stratum versions <= 1.6.0...
CVE-2025-7845 Stratum – Elementor Widgets <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Google Maps and Image Hotspot Widgets
The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Google Maps and Image Hotspot widgets in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...
CVE-2024-13642
The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hotspot widget in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-7656
The Image Hotspot by DevVN plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.5 via deserialization of untrusted input in the 'devvnihotspotshortcodefunc' function. This makes it possible for authenticated attackers, with Author-level access and...
WordPress Stratum plugin <= 1.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Vulnerability via Image Hotspot Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting Vulnerability via Image Hotspot Widget vulnerability discovered by zer0gh0st in WordPress Plugin Stratum versions <= 1.4.7...
CVE-2024-13642 Stratum – Elementor Widgets <= 1.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Vulnerability via Image Hotspot Widget
The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hotspot widget in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-13642
The CVE refers to WordPress Stratum – Elementor Widgets (Stratum) plugin, vulnerable to Stored Cross-Site Scripting via the Image Hotspot widget. The issue exists in all versions up to and including 1.4.7 and stems from insufficient input sanitization and output escaping on user-supplied attribut...
WordPress plugin Stratum – Elementor Widgets cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2025-2233 · WordPress · Stratum – Elementor Widgets
Name of the Vulnerable Software and Affected Versions: Stratum – Elementor Widgets plugin for WordPress versions up to, and including, 1.4.7 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the Image Hotspot widget, allowing...
WordPress Image Hotspot by DevVN plugin <= 1.2.5 - Authenticated (Author+) PHP Object Injection vulnerability
Authenticated Author+ PHP Object Injection vulnerability discovered by Lucio Sá in WordPress Plugin Image Hotspot by DevVN versions <= 1.2.5...