PT-2026-33430

Name of the Vulnerable Software and Affected Versions VideoZen versions prior to 1.0.2 Description The VideoZen plugin for WordPress contains a Stored Cross-Site Scripting issue caused by insufficient input sanitization and output escaping in the videozen conf function. The lang POST parameter is...

CVE-2018-16363

The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wpfilemanager request because settransient is used in filefoldermanager.php and there is an echo of lang in lib\wpfilemanager.php...