CVE-2026-0724

The WPlyr Media Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wplyraccentcolor' parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2026-0724

The WPlyr Media Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wplyraccentcolor' parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2026-0724

The WPlyr Media Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wplyraccentcolor' parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2026-0724

CVE-2026-0724 : WPlyr Media Block for WordPress is affected by a Stored Cross‑Site Scripting (XSS) vulnerability via the _wplyr_accent_color parameter, impacting all versions up to 1.3.0. The root cause is insufficient input sanitization and output escaping of user-supplied attributes. Exploitati...

CVE-2026-0724 WPlyr Media Block <= 1.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via '_wplyr_accent_color' Parameter

The WPlyr Media Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wplyraccentcolor' parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

WordPress plugin WPlyr Media Block 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-7494

The WPlyr Media Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ' wplyr accent color' parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

EUVD-2022-35155

Malicious code in bioql PyPI...

CVE-2024-1293

The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the embedded media custom block in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

PT-2024-17799 · WordPress · Brizy – Page Builder

Name of the Vulnerable Software and Affected Versions: The Brizy – Page Builder plugin for WordPress versions up to, and including, 2.4.40 Description: The issue is related to Stored Cross-Site Scripting via the embedded media custom block due to insufficient input sanitization and output escapin...

CVE-2022-2934

The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Image URL' value found in the Media block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2022-2934

The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Image URL' value found in the Media block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

Cross site scripting

The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Image URL' value found in the Media block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2022-2934

The CVE-2022-2934 entry concerns the Beaver Builder – WordPress Page Builder for WordPress. Versions up to and including 2.5.5.2 are affected by a Stored Cross-Site Scripting (XSS) vulnerability in the Media block via the Image URL field, caused by insufficient input sanitization and output escap...

Beaver Builder < 2.5.5.3 - Authenticated Stored XSS via Image URL

The plugin does not sanitise and escape the Image URL field of the Media block, which could allow users with access to the plugin's editor to perform Cross-Site Scripting attacks...

PT-2020-6779 · WordPress · Beaver Builder

Name of the Vulnerable Software and Affected Versions: The Beaver Builder – WordPress Page Builder versions up to, and including, 2.5.5.2 Description: The issue is related to Stored Cross-Site Scripting via the Image URL value in the Media block due to insufficient input sanitization and output...