10 matches found
CVE-2025-13906
The WP Flot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'linechart' shortcode in all versions up to, and including, 0.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
EUVD-2025-202975
The WP Flot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'linechart' shortcode in all versions up to, and including, 0.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-13906
The WP Flot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'linechart' shortcode in all versions up to, and including, 0.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-13906
CVE-2025-13906 (WP Flot) is a stored cross-site scripting vulnerability in the WP Flot WordPress plugin. The issue affects all versions up to and including 0.2.2 and stems from insufficient input sanitization and output escaping in the linechart shortcode attributes. As a result, authenticated at...
CVE-2025-13906 WP Flot <= 0.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The WP Flot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'linechart' shortcode in all versions up to, and including, 0.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-13906 WP Flot <= 0.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The WP Flot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'linechart' shortcode in all versions up to, and including, 0.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress plugin WP Flot 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...
PT-2025-50831
The WP Flot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'linechart' shortcode in all versions up to, and including, 0.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Cross-site Scripting (XSS)
Overview @fluentui/react-charts is a React web chart controls for Microsoft fluentui v9 system. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the unsecured SVG attribute spreading in the CartesianChart, Legend Shape renderer, and LineChart event annotation Textb...
Cross-site Scripting (XSS)
Overview @fluentui/react-charting is a React web charting controls for Microsoft fluentui system. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the unsecured SVG attribute spreading in the CartesianChart, Legend Shape renderer, and LineChart event annotation...