📄 WordPress IndieWeb 4.0.5 Cross Site Scripting

WordPress IndieWeb plugin versions 4.0.5 and below suffers from persistent cross site scripting vulnerability. CVE-2025-14893: Authenticated Stored Cross-Site Scripting XSS in IndieWeb WordPress Plugin Disclaimer: This repository is created for educational purposes and ethical disclosure only. Th...

Exploit for CVE-2025-14893

CVE-2025-14893: Authenticated Stored Cross-Site Scripting XSS...

CVE-2025-14893

The IndieWeb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Telephone' parameter in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author level access and...

CVE-2025-14893

The IndieWeb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Telephone' parameter in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author level access and...

CVE-2025-14893 IndieWeb <= 4.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via 'Telephone' Parameter

The IndieWeb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Telephone' parameter in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author level access and...

CVE-2025-14893

CVE-2025-14893 : The IndieWeb WordPress plugin is vulnerable to a stored XSS via the Telephone parameter in all versions up to 4.0.5, with exploitation limited to authenticated attackers holding at least author-level access. The vulnerability allows injection of arbitrary scripts that run when us...

CVE-2025-14893 IndieWeb <= 4.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via 'Telephone' Parameter

The IndieWeb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Telephone' parameter in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author level access and...

PT-2026-1757

Name of the Vulnerable Software and Affected Versions IndieWeb plugin for WordPress versions through 4.0.5 Description The IndieWeb plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escaping related to the Telephone...

WordPress plugin IndieWeb 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

WordPress IndieWeb plugin <= 4.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via 'Telephone' Parameter vulnerability

Authenticated Author+ Stored Cross-Site Scripting via 'Telephone' Parameter vulnerability discovered by Tharadol Suksamran in WordPress Plugin IndieWeb versions = 4.0.5...

CVE-2015-9494

The indieweb-post-kinds plugin before 1.3.1.1 for WordPress has XSS via the genericons/example.html anchor identifier...

WordPress indieweb-post-kinds plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. indieweb-post-kinds is one of the category plugins used in it. A cross-site scripting vulnerability exists in WordPress...

Design/Logic Flaw

The indieweb-post-kinds plugin before 1.3.1.1 for WordPress has XSS via the genericons/example.html anchor identifier...

CVE-2015-9494

CVE-2015-9494 affects the WordPress plugin indieweb-post-kinds (versions prior to 1.3.1.1). It enables a DOM-based XSS via the genericons/example.html anchor identifier, allowing injected script to run in a victim’s browser when that anchor is processed. PoC demonstrates the vulnerability. Remedi...

Indieweb Post Kinds <= 1.3.1 - DOM Cross-Site Scripting (XSS)

The Post Kinds WordPress plugin was affected by a DOM Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/indieweb-post-kinds/genericons/example.html...

Indieweb Post Kinds <= 1.3.1 - DOM Cross-Site Scripting (XSS)

The Post Kinds WordPress plugin was affected by a DOM Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/wp-content/plugins/indieweb-post-kinds/genericons/example.html...