15 matches found
CVE-2025-12717
The List Attachments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'beforelist' parameter in the list-attachments shortcode in all versions up to, and including, 0.4.1a due to insufficient input sanitization and output escaping. This makes it possible for...
EUVD-2025-201522
The List Attachments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'beforelist' parameter in the list-attachments shortcode in all versions up to, and including, 0.4.1a due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-12717
The List Attachments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'beforelist' parameter in the list-attachments shortcode in all versions up to, and including, 0.4.1a due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-12717 List Attachments Shortcode <= 0.4.1a - Authenticated (Author+) Stored Cross-Site Scripting via list-attachments Shortcode
The List Attachments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'beforelist' parameter in the list-attachments shortcode in all versions up to, and including, 0.4.1a due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-12717
CVE-2025-12717 concerns the WordPress plugin List Attachments Shortcode. The WordPress plugin is vulnerable to a Stored Cross-Site Scripting (XSS) via the list-attachments Shortcode parameter before_list, affecting versions up to and including 0.4.1a. Exploitation requires authenticated access at...
CVE-2025-12717 List Attachments Shortcode <= 0.4.1a - Authenticated (Author+) Stored Cross-Site Scripting via list-attachments Shortcode
The List Attachments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'beforelist' parameter in the list-attachments shortcode in all versions up to, and including, 0.4.1a due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress List Attachments Shortcode plugin <= 0.4.1a - Authenticated (Author+) Stored Cross-Site Scripting via list-attachments Shortcode vulnerability
Authenticated Author+ Stored Cross-Site Scripting via list-attachments Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin List Attachments Shortcode versions = 0.4.1a...
PT-2025-49335
The List Attachments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before list' parameter in the list-attachments shortcode in all versions up to, and including, 0.4.1a due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress plugin List Attachments Shortcode 跨站脚本漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is ...
EUVD-2018-13401
Malware in sbrugna...
CVE-2018-20863
cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments SEC-452...
CVE-2025-26897
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Baden List Related Attachments list-related-attachments-widget allows DOM-Based XSS.This issue affects List Related Attachments: from n/a through = 2.1.6...
CVE-2018-20863
cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments SEC-452...
Code injection
cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments SEC-452...
CVE-2018-20863
cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments SEC-452...