156 matches found
CVE-2025-4405
The Hot Random Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...
WordPress plugin Hot Random Image 跨站脚本漏洞
WordPress Hot Random Image is a basic plugin for displaying randomly selected images from a specified folder. A cross-site scripting vulnerability exists in WordPress Hot Random Image, which stems from insufficient link parameter input cleanup and escaping, and can be exploited by an attacker to...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the iconURL parameter in the marketplace-app-manager-web module. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise truste...
PrestaShop 跨站脚本漏洞
PrestaShop is an open source e-commerce solution from the US company PrestaShop. The program provides multiple payment methods, SMS alerts and product image zoom and other features. A cross-site scripting vulnerability exists in PrestaShop version 8.1.7, which stems from missing validation of lin...
PT-2025-2173 · WordPress · Bilingual Linker
Name of the Vulnerable Software and Affected Versions: Bilingual Linker plugin for WordPress versions up to, and including, 2.4 Description: The issue is related to Stored Cross-Site Scripting, which occurs due to insufficient input sanitization and output escaping. This allows authenticated...
CVE-2024-12214 WooCommerce HSS Extension for Streaming Video <= 3.31 - Reflected Cross-Site Scripting via videolink Parameter
The WooCommerce HSS Extension for Streaming Video plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘videolink’ parameter in all versions up to, and including, 3.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2024-12214 WooCommerce HSS Extension for Streaming Video <= 3.31 - Reflected Cross-Site Scripting via videolink Parameter
The WooCommerce HSS Extension for Streaming Video plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘videolink’ parameter in all versions up to, and including, 3.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
Exploit for Cross-site Scripting in Pnetlab
Open Redirect CVE-2024-51112 + Exploit Author: Fatime Zeh...
CVE-2024-11420
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leve...
PT-2024-16979 · WordPress · Blocksy
Name of the Vulnerable Software and Affected Versions: Blocksy theme for WordPress versions up to and including 2.0.77 Description: The issue is related to Stored Cross-Site Scripting via the link parameter of the Contact Info Block. This is due to insufficient input sanitization and output...
PT-2024-38884 · WordPress · Elementor Website Builder
Name of the Vulnerable Software and Affected Versions: Elementor Website Builder plugin for WordPress versions up to, and including, 3.25.7 Description: The issue is related to Stored Cross-Site Scripting via the url parameter of the Icon widget, caused by insufficient input sanitization and outp...
CVE-2024-9385
The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 7.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
CVE-2024-8761
The Share This Image plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.03. This is due to insufficient validation on the redirect url supplied via the link parameter. This makes it possible for unauthenticated attackers to redirect users to potentially...
PT-2024-39234 · WordPress · Share This Image
Name of the Vulnerable Software and Affected Versions: Share This Image plugin for WordPress versions up to, and including, 2.03 Description: The issue is due to insufficient validation on the redirect url supplied via the link parameter. This makes it possible for unauthenticated attackers to...
CVE-2024-5867
CVE-2024-5867 describes a Stored Cross-Site Scripting in the Delicate theme for WordPress via the link parameter of the Button shortcode, affecting all versions up to and including 3.5.5. The issue requires Contributor-level access or higher to exploit and can cause script execution on page load....
PT-2024-37206 · WordPress · Delicate Theme For Wordpress
Name of the Vulnerable Software and Affected Versions: Delicate theme for WordPress versions up to, and including, 3.5.5 Description: The issue is related to Stored Cross-Site Scripting via the link parameter within the theme's Button shortcode due to insufficient input sanitization and output...
PT-2024-37209 · WordPress · Tweaker5
Name of the Vulnerable Software and Affected Versions: Tweaker5 theme for WordPress versions up to, and including, 1.2 Description: The issue is a Stored Cross-Site Scripting vulnerability due to insufficient input sanitization and output escaping. This allows authenticated attackers with...
CVE-2024-5708
The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acces...
PT-2024-37253 · WordPress · Boot Store
Name of the Vulnerable Software and Affected Versions: The Boot Store theme for WordPress versions up to, and including, 1.6.4 Description: The issue is related to Stored Cross-Site Scripting via the link parameter within the theme's Button shortcode due to insufficient input sanitization and...
CVE-2024-5965
The Mosaic theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...