3 matches found
CVE-2025-12965
The Magical Posts Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpactitletag' parameter in the Magical Posts Accordion widget in all versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping on user-supplied HTML tag name...
CVE-2025-12965
CVE-2025-12965 refers to the Magical Posts Display – Elementor Advanced Posts widgets plugin. The Wordfence intelligence entry confirms a stored XSS via the mpac_title_tag parameter in the Magical Posts Accordion widget, affecting all versions up to and including 1.2.54. Root cause: insufficient ...
PT-2025-50922
The Magical Posts Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpac title tag' parameter in the Magical Posts Accordion widget in all versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping on user-supplied HTML tag...