58 matches found
Kirby CMS vulnerable to cross-site scripting (XSS) from list field content in the site frontend
TL;DR This vulnerability affects all Kirby sites that use the list field or list block, when content is authored by users who may not be fully trusted. The attack requires an authenticated Panel user with update permission to any list field or list block. This vulnerability is of high severity fo...
PT-2026-43450
TL;DR This vulnerability affects all Kirby sites that use the list field or list block, when content is authored by users who may not be fully trusted. The attack requires an authenticated Panel user with update permission to any list field or list block. This vulnerability is of high severity fo...
CVE-2026-39690 WordPress Author Avatars List/Block plugin <= 2.1.25 - Broken Access Control vulnerability
Missing Authorization vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Author Avatars List/Block: from n/a through <= 2.1.25...
CVE-2026-32359
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Icon List Block icon-list-block allows Stored XSS. This issue affects Icon List Block: from n/a through <= 1.2.3...
EUVD-2026-11849
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Icon List Block icon-list-block allows Stored XSS. This issue affects Icon List Block: from n/a through <= 1.2.3...
CVE-2026-32359
CVE-2026-32359 affects the WordPress Icon List Block plugin (icon-list-block) with versions
CVE-2026-32359 WordPress Icon List Block plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Icon List Block icon-list-block allows Stored XSS. This issue affects Icon List Block: from n/a through <= 1.2.3...
PT-2026-25206
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Icon List Block icon-list-block allows Stored XSS. This issue affects Icon List Block: from n/a through <= 1.2.3...
WordPress plugin Icon List Block cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. WordPress...
Concrete CMS vulnerable to Remote Code Execution by stored PHP object injection
Concrete CMS below version 9.4.8 is vulnerable to Remote Code Execution by stored PHP object injection into the Express Entry List block via the columns parameter. An authenticated administrator can store attacker-controlled serialized data in block configuration fields that are later passed to...
CVE-2026-3452
Concrete CMS below version 9.4.8 is vulnerable to Remote Code Execution by stored PHP object injection into the Express Entry List block via the columns parameter. An authenticated administrator can store attacker-controlled serialized data in block configuration fields that are later passed to...
CVE-2026-3452 Concrete CMS below 9.4.8 is vulnerable to stored deserialization leading to RCE in the Express Entry List block.
Concrete CMS below version 9.4.8 is vulnerable to Remote Code Execution by stored PHP object injection into the Express Entry List block via the columns parameter. An authenticated administrator can store attacker-controlled serialized data in block configuration fields that are later passed to...
WordPress Icon List Block plugin server-side request forgery vulnerability
WordPress Icon List Block plugin is a plugin designed for WordPress to insert custom icon lists in the block editor Gutenberg. The WordPress Icon List Block plugin suffers from a server-side request forgery vulnerability that stems from the fsapirequest function failing to implement an adequate...
CVE-2025-12376
The Icon List Block – Add Icon-Based Lists with Custom Styles plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.1 via the fsapirequest function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
EUVD-2025-197994
The Icon List Block – Add Icon-Based Lists with Custom Styles plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.1 via the fsapirequest function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...