WordPress MediaPress plugin <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin's Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Plugin's Shortcode vulnerability discovered by zaim in WordPress Plugin MediaPress versions = 1.6.1...

CVE-2026-22519

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev MediaPress mediapress allows Stored XSS.This issue affects MediaPress: from n/a through = 1.6.2...

CVE-2026-22519

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev MediaPress mediapress allows Stored XSS.This issue affects MediaPress: from n/a through = 1.6.2...

CVE-2026-22519 WordPress MediaPress plugin <= 1.6.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev MediaPress mediapress allows Stored XSS.This issue affects MediaPress: from n/a through = 1.6.2...

CVE-2026-22519 WordPress MediaPress plugin <= 1.6.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev MediaPress mediapress allows Stored XSS.This issue affects MediaPress: from n/a through = 1.6.2...

CVE-2026-22519

CVE-2026-22519 refers to a MediaPress Stored XSS in BuddyPress MediaPress. The Wordfence report confirms MediaPress

CVE-2025-14552

The MediaPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mpp-uploader shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

WordPress plugin MediaPress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

PT-2026-2196

Name of the Vulnerable Software and Affected Versions BuddyDev MediaPress versions through 1.6.2 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Stored Cross-site Scripting XSS condition. This allows for the injection of...

WordPress MediaPress plugin <= 1.6.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin MediaPress versions = 1.6.2...

CVE-2025-14552

The MediaPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mpp-uploader shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-14552

CVE-2025-14552 affects the WordPress MediaPress plugin (MediaPress) and is a Stored Cross-Site Scripting vulnerability in the mpp-uploader shortcode, exploitable in all versions up to 1.6.1. The root cause is insufficient input sanitization and output escaping on user-supplied attributes, allowin...

CVE-2025-14552 MediaPress <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin's Shortcode

The MediaPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mpp-uploader shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-14552 MediaPress <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin's Shortcode

The MediaPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mpp-uploader shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

WordPress plugin MediaPress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

EUVD-2025-26558

Malicious code in bioql PyPI...

CVE-2025-58608

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in BuddyDev MediaPress mediapress allows PHP Local File Inclusion.This issue affects MediaPress: from n/a through = 1.5.9.1...

CVE-2025-58608

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in BuddyDev MediaPress mediapress allows PHP Local File Inclusion.This issue affects MediaPress: from n/a through = 1.5.9.1...

WordPress MediaPress Plugin <= 1.5.9.1 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by zaim in WordPress Plugin MediaPress versions = 1.5.9.1...

CVE-2025-58608 WordPress MediaPress Plugin <= 1.5.9.1 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in BuddyDev MediaPress mediapress allows PHP Local File Inclusion.This issue affects MediaPress: from n/a through = 1.5.9.1...