138 matches found
CVE-2026-8494
The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in the admin URI Editor interface in all versions up to, and including, 2.5.3.3 due to insufficient output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-8494
CVE-2026-8494 concerns the WordPress plugin Permalink Manager Lite (affected versions up to 2.5.3.3). The issue is a Stored Cross-Site Scripting (XSS) flaw in the admin URI Editor interface, triggered by crafted post titles due to insufficient output escaping. Affected condition requires an attac...
CVE-2026-8494 Permalink Manager Lite <= 2.5.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title
The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in the admin URI Editor interface in all versions up to, and including, 2.5.3.3 due to insufficient output escaping. This makes it possible for authenticated attackers, with...
WordPress BWL Advanced FAQ Manager Lite plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sbox_id' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'sboxid' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BWL Advanced FAQ Manager Lite versions = 1.1.1...
CVE-2026-32413
Missing Authorization vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Permalink Manager Lite: from n/a through 2.5.3...
EUVD-2026-11931
Missing Authorization vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Permalink Manager Lite: from n/a through 2.5.3...
CVE-2026-32413
Missing Authorization vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Permalink Manager Lite: from n/a through 2.5.3...
CVE-2026-32413
Missing Authorization vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Permalink Manager Lite: from n/a through 2.5.3...
WordPress plugin Permalink Manager Lite 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-25259
Missing Authorization vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Permalink Manager Lite: from n/a through 2.5.3...
WordPress Frontend Post Submission Manager Lite plugin <= 1.2.7 - Unauthenticated Open Redirect via 'requested_page' Parameter vulnerability
Unauthenticated Open Redirect via 'requestedpage' Parameter vulnerability discovered by kr0d in WordPress Plugin Frontend Post Submission Manager Lite versions 1.0.0-1.2.7...
CVE-2022-0201
The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue...
WordPress Frontend Post Submission Manager Lite plugin <= 1.2.5 - Missing Authorization to Unauthenticated Arbitrary Post Modification vulnerability
Missing Authorization to Unauthenticated Arbitrary Post Modification vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Frontend Post Submission Manager Lite versions = 1.2.5...
CVE-2025-14913
The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to an incorrect authorization check on the 'mediadeleteaction' function in all versions up to, and including, 1.2.6. This makes it possible for...
WordPress Frontend Post Submission Manager Lite plugin <= 1.2.6 - Incorrect Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability
Incorrect Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Frontend Post Submission Manager Lite versions = 1.2.6...
PT-2025-53417
Name of the Vulnerable Software and Affected Versions Frontend Post Submission Manager Lite WordPress Plugin versions through 1.2.6 Description The Frontend Post Submission Manager Lite WordPress Plugin is affected by a flaw that allows unauthorized data loss. An incorrect authorization check...
CVE-2025-14080 Frontend Post Submission Manager Lite <= 1.2.5 - Missing Authorization to Unauthenticated Arbitrary Post Modification
The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.5. This is due to missing authorization checks on the post update functionality in the fpsmlformprocess AJAX action. This makes it possible for...
PT-2025-52576
Name of the Vulnerable Software and Affected Versions Frontend Post Submission Manager Lite plugin versions through 1.2.5 Description The Frontend Post Submission Manager Lite plugin for WordPress has an issue where authorization checks are missing on the post update functionality within the fpsm...
EUVD-2004-1838
Malware in sbrugna...
EUVD-2004-1839
Malware in sbrugna...