27 matches found
CVE-2026-24543
Missing Authorization vulnerability in Horea Radu Materialis Companion materialis-companion allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Materialis Companion: from n/a through <= 1.3.52...
WordPress Materialis Companion plugin <= 1.3.52 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Materialis Companion versions <= 1.3.52...
CVE-2026-24543 WordPress Materialis Companion plugin <= 1.3.52 - Broken Access Control vulnerability
Missing Authorization vulnerability in Horea Radu Materialis Companion materialis-companion allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Materialis Companion: from n/a through <= 1.3.52...
CVE-2026-24543
CVE-2026-24543 describes a Missing Authorization (Broken Access Control) vulnerability in the Materialis Companion plugin for WordPress (materialis-companion). Affected versions: up to 1.3.52. Root cause: incorrectly configured access control security levels. Impact per available data: privilege ...
WordPress plugin Materialis Companion has security vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-4390
Name of the Vulnerable Software and Affected Versions: Materialis Companion versions through 1.3.52. Description: A missing authorization issue exists in Materialis Companion, allowing exploitation due to incorrectly configured access control security levels. Recommendations: Update Materialis...
EUVD-2022-52060
Malicious code in bioql PyPI...
CVE-2022-4762
The Materialis Companion WordPress plugin before 1.3.40 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2024-4707
The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's materialis_contact_form shortcode in all versions up to, and including, 1.3.41 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
CVE-2024-4707
CVE-2024-4707 is a vulnerability in the Materialis Companion WordPress plugin that enables Stored Cross-Site Scripting via the plugin shortcode materialis_contact_form. The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, affect...
WordPress Materialis Companion plugin <= 1.3.41 - Authenticated (Contributor+) Store Cross-Site Scripting via materialis_contact_form Shortcode vulnerability
Authenticated (Contributor+) Store Cross-Site Scripting via materialis_contact_form Shortcode vulnerability discovered by stealthcopter in WordPress Plugin Materialis Companion versions <= 1.3.41...
WordPress plugin Materialis Companion security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Materialis Companion Plugin <= 1.3.41 is vulnerable to Cross Site Scripting (XSS)
Software: Materialis Companion; Type: Plugin; Vulnerable versions: <= 1.3.41; Fixed in: 1.3.42; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4707; Patch priority: Low; CVSS severity: Low (6.5); PSID: 8c2a53380a7a; Credits: stealthcopter...
Materialis Companion < 1.3.42 - Authenticated (Contributor+) Store Cross-Site Scripting via materialis_contact_form Shortcode
Description: The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's materialis_contact_form shortcode in all versions up to, and including, 1.3.41 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...