CVE-2025-11872

The Material Design Iconic Font Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdiconic' shortcode in all versions up to, and including, 2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

CVE-2025-11872 Material Design Iconic Font Integration <= 2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Material Design Iconic Font Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdiconic' shortcode in all versions up to, and including, 2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

EUVD-2025-35341

The Material Design Iconic Font Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdiconic' shortcode in all versions up to, and including, 2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

CVE-2025-11872

CVE-2025-11872 affects the Material Design Iconic Font Integration plugin for WordPress (versions

WordPress plugin Material Design Iconic Font Integration 跨站脚本漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPres...

WordPress Material Design Iconic Font Integration plugin <= 2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Material Design Iconic Font Integration versions = 2...

EUVD-2023-28430

Malicious code in bioql PyPI...

EUVD-2023-28438

Malicious code in bioql PyPI...

Malicious code in bootstrap-material-design-datepicker (npm)

The package bootstrap-material-design-datepicker was found to contain malicious code...

CVE-2024-9024

The Material Design Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mdi-icon shortcode in all versions up to, and including, 0.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-30522

Cross-Site Request Forgery CSRF vulnerability in Damian Orzol Contact Form 7 Material Design cf7-material-design allows Stored XSS.This issue affects Contact Form 7 Material Design: from n/a through = 1.0.0...

CVE-2025-30522

Cross-Site Request Forgery CSRF vulnerability in Damian Orzol Contact Form 7 Material Design cf7-material-design allows Stored XSS.This issue affects Contact Form 7 Material Design: from n/a through = 1.0.0...

CVE-2025-30522 WordPress Contact Form 7 Material Design plugin <= 1.0.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Damian Orzol Contact Form 7 Material Design cf7-material-design allows Stored XSS.This issue affects Contact Form 7 Material Design: from n/a through = 1.0.0...

WordPress Contact Form 7 Material Design plugin <= 1.0.0 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin Contact Form 7 Material Design versions = 1.0.0...

WordPress plugin Contact Form 7 Material Design 跨站请求伪造漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in WordPress plugin Contact Form 7...

CVE-2024-9024

The Material Design Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mdi-icon shortcode in all versions up to, and including, 0.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-9024

CVE-2024-9024 concerns the WordPress plugin Material Design Icons (

CVE-2024-9024 Material Design Icons <= 0.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via mdi-icon Shortcode

The Material Design Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mdi-icon shortcode in all versions up to, and including, 0.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-9024 Material Design Icons <= 0.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via mdi-icon Shortcode

The Material Design Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mdi-icon shortcode in all versions up to, and including, 0.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress plugin Material Design Icons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...