28 matches found
CVE-2019-7288
The issue was addressed with improved validation on the FaceTime server. This issue is fixed in macOS Mojave 10.14.3 Supplemental Update, iOS 12.1.4. A thorough security audit of the FaceTime service uncovered an issue with Live Photos...
CVE-2025-12651
The Live Photos on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'videosrc', 'imgsrc', and 'class' parameters in the livephotosphoto shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on...
EUVD-2025-60921
The Live Photos on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'videosrc', 'imgsrc', and 'class' parameters in the livephotosphoto shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on...
CVE-2025-12651
The Live Photos on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'videosrc', 'imgsrc', and 'class' parameters in the livephotosphoto shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on...
CVE-2025-12651
CVE-2025-12651 describes a stored cross-site scripting (XSS) vulnerability in the WordPress plugin Live Photos on WordPress . The flaw arises from insufficient input sanitization and output escaping for user-supplied attributes in the shortcode livephotos_photo, specifically the parameters video_...
CVE-2025-12651 Live Photos on WordPress <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Live Photos on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'videosrc', 'imgsrc', and 'class' parameters in the livephotosphoto shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on...
PT-2025-46284
Name of the Vulnerable Software and Affected Versions Live Photos on WordPress plugin versions prior to 0.1 Description The Live Photos on WordPress plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping on...
WordPress plugin Live Photos on WordPress 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Live Photos on WordPress plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Live Photos on WordPress versions = 0.1...
EUVD-2019-16832
Malware in sbrugna...
CVE-2021-30992
This issue was addressed with improved handling of file metadata. This issue is fixed in iOS 15.2 and iPadOS 15.2. A user in a FaceTime call may unexpectedly leak sensitive user information through Live Photos metadata...
CVE-2021-30992
This issue was addressed with improved handling of file metadata. This issue is fixed in iOS 15.2 and iPadOS 15.2. A user in a FaceTime call may unexpectedly leak sensitive user information through Live Photos metadata...
Design/Logic Flaw
This issue was addressed with improved handling of file metadata. This issue is fixed in iOS 15.2 and iPadOS 15.2. A user in a FaceTime call may unexpectedly leak sensitive user information through Live Photos metadata...
CVE-2021-30992
This issue was addressed with improved handling of file metadata. This issue is fixed in iOS 15.2 and iPadOS 15.2. A user in a FaceTime call may unexpectedly leak sensitive user information through Live Photos metadata...
CVE-2021-30992
CVE-2021-30992 affects Apple iOS and iPadOS FaceTime in which a user in a FaceTime call may leak sensitive information via Live Photos metadata. Root cause: improper handling of file metadata; fix: Apple addressed in iOS 15.2 and iPadOS 15.2. Practical impact is limited to information disclosure ...
PT-2021-19030 · Apple · Facetime +2
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 15.2 iPadOS versions prior to 15.2 Description: The issue concerns the handling of file metadata, which may cause a user in a FaceTime call to unexpectedly leak sensitive user information through Live Photos metadata...
Unspecified Vulnerability in Apple iOS and macOS Mojave Live Photos in FaceTime Component
Apple iOS is an operating system developed by Apple Inc. for mobile devices.Apple macOS is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in the Live Photos in FaceTime component of Apple iOS versions prior to 12.1.4 and macOS Mojave...
CVE-2019-7288
The issue was addressed with improved validation on the FaceTime server. This issue is fixed in macOS Mojave 10.14.3 Supplemental Update, iOS 12.1.4. A thorough security audit of the FaceTime service uncovered an issue with Live Photos...
CVE-2019-7288
The issue was addressed with improved validation on the FaceTime server. This issue is fixed in macOS Mojave 10.14.3 Supplemental Update, iOS 12.1.4. A thorough security audit of the FaceTime service uncovered an issue with Live Photos...
Code injection
The issue was addressed with improved validation on the FaceTime server. This issue is fixed in macOS Mojave 10.14.3 Supplemental Update, iOS 12.1.4. A thorough security audit of the FaceTime service uncovered an issue with Live Photos...