26 matches found
CVE-2025-13740
The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightweight-accordion shortcode in all versions up to, and including, 1.5.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
WordPress Lightweight Accordion plugin <= 1.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Lightweight Accordion versions = 1.5.20...
CVE-2025-13740
The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightweight-accordion shortcode in all versions up to, and including, 1.5.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2025-13740 Lightweight Accordion <= 1.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightweight-accordion shortcode in all versions up to, and including, 1.5.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2025-13740
CVE-2025-13740 affects the WordPress plugin Lightweight Accordion (all versions up to and including 1.5.20). The vulnerability is a Stored Cross‑Site Scripting (Stored XSS) due to insufficient input sanitization and output escaping on attributes supplied to the plugin’s lightweight-accordion shor...
CVE-2025-13740 Lightweight Accordion <= 1.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightweight-accordion shortcode in all versions up to, and including, 1.5.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
WordPress plugin Lightweight Accordion 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A cross-site scriptin...
PT-2025-51188
The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightweight-accordion shortcode in all versions up to, and including, 1.5.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
EUVD-2023-12434
Malicious code in bioql PyPI...
EUVD-2024-27386
Malicious code in bioql PyPI...
CVE-2023-0373
The Lightweight Accordion WordPress plugin before 1.5.15 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-2436
The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-2436
The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-2436
The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-2436 Lightweight Accordion <= 1.5.16 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress Plugin Lightweight Accordion 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Lightweight Accordion Plugin <= 1.5.16 is vulnerable to Cross Site Scripting (XSS)
Software Lightweight Accordion Type Plugin Vulnerable versions = 1.5.16 Fixed in 1.5.17 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2436 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b6e6c77a276d Credits Krzysztof Zając...
CVE-2023-0373
The Lightweight Accordion WordPress plugin before 1.5.15 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Cross site scripting
The Lightweight Accordion WordPress plugin before 1.5.15 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0373
CVE-2023-0373 affects the Lightweight Accordion WordPress plugin up to version 1.5.15. The vulnerability stems from failing to validate and escape certain block options before rendering in embed contexts, enabling Stored XSS for users with the contributor role or higher, with user interaction req...