CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

Patchstack•added 2026/04/09 10:3 p.m.•2 views

WordPress Post Blocks & Tools plugin <= 1.3.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'sliderStyle' Block Attribute vulnerability

Authenticated Author+ Stored Cross-Site Scripting via 'sliderStyle' Block Attribute vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Magazine Companion versions = 1.3.0...

6.4CVSS5.9AI score0.00042EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/11/12 3:46 a.m.•3 views

CVE-2025-11828

The Magazine Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headerHtmlTag' attribute in the bnm-blocks/featured-posts-1 block in all versions up to, and including, 1.2.3. This is due to insufficient input sanitization and output escaping when using...

6.4CVSS4.9AI score0.00037EPSS

Exploits0References1

CVE•added 2025/11/11 3:30 a.m.•11 views

CVE-2025-11828

The Magazine Companion WordPress plugin (bnm-blocks/featured-posts-1 headerHtmlTag) is vulnerable to Stored XSS in all versions up to and including 1.2.3 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher, enabling...

6.4CVSS4.7AI score0.00037EPSS

Exploits0References4

Vulnrichment•added 2025/11/11 3:30 a.m.•2 views

CVE-2025-11828 Magazine Companion <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS4.7AI score0.00037EPSS

Exploits0References3

Cvelist•added 2025/11/11 3:30 a.m.•5 views

CVE-2025-11828 Magazine Companion <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS0.00037EPSS

Exploits0References4

CNNVD•added 2025/11/11 12:0 a.m.•1 views

WordPress plugin Magazine Companion 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.8AI score0.00037EPSS

Exploits0References3

Positive Technologies•added 2025/11/11 12:0 a.m.•3 views

PT-2025-46253

Name of the Vulnerable Software and Affected Versions The Magazine Companion plugin for WordPress versions through 1.2.3 Description The Magazine Companion plugin for WordPress is susceptible to Stored Cross-Site Scripting through the headerHtmlTag attribute within the bnm-blocks/featured-posts-1...

6.4CVSS5.2AI score0.00037EPSS

Exploits0References5

Patchstack•added 2025/11/10 11:19 p.m.•4 views

WordPress Magazine Companion plugin <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Magazine Companion versions = 1.2.3...

6.4CVSS5.5AI score0.00037EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by