
26 matches found

RedhatCVE
added 2026/02/20 7:22 a.m., 8 views

CVE-2025-12027

The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the "openPageInCustomizer" and "openPageInDefaultEditor" functions in all versions up to, and including, 1.6.158. This makes it possible for authenticate...

CVSS 4.3, AI score 5.7, EPSS 0.00269
Exploits 0, References 1
NVD
added 2026/02/19 7:17 a.m., 5 views

CVE-2025-12027

The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the "openPageInCustomizer" and "openPageInDefaultEditor" functions in all versions up to, and including, 1.6.158. This makes it possible for authenticate...

CVSS 4.3, EPSS 0.00269
Exploits 0, References 3
CVE
added 2026/02/19 3:25 a.m., 10 views

CVE-2025-12027

CVE-2025-12027 affects the WordPress plugin Mesmerize Companion up to version 1.6.158. The vulnerability arises from a missing capability check in the functions openPageInCustomizer and openPageInDefaultEditor, allowing authenticated users with subscriber-level access and above on sites using t...

CVSS 4.3, AI score 5.7, EPSS 0.00269
Exploits 0, References 3
Cvelist
added 2026/02/19 3:25 a.m., 27 views

CVE-2025-12027 Mesmerize Companion <= 1.6.158 - Missing Authorization Authenticated (Subscriber+) Settings Update

The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the "openPageInCustomizer" and "openPageInDefaultEditor" functions in all versions up to, and including, 1.6.158. This makes it possible for authenticate...

CVSS 4.3, EPSS 0.00269
Exploits 0, References 3
Vulnrichment
added 2026/02/19 3:25 a.m., 4 views

CVE-2025-12027 Mesmerize Companion <= 1.6.158 - Missing Authorization Authenticated (Subscriber+) Settings Update

The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the "openPageInCustomizer" and "openPageInDefaultEditor" functions in all versions up to, and including, 1.6.158. This makes it possible for authenticate...

CVSS 4.3, AI score 5.7, EPSS 0.00269
Exploits 0, References 3
CNNVD
added 2026/02/19 12:0 a.m., 5 views

WordPress plugin Mesmerize Companion security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.3, AI score 5.8, EPSS 0.00269
Exploits 0, References 3
Positive Technologies
added 2026/02/19 12:0 a.m., 7 views

PT-2026-20576

Name of the Vulnerable Software and Affected Versions: Mesmerize Companion versions up to and including 1.6.158. Description: The Mesmerize Companion plugin for WordPress is susceptible to unauthorized access and modification of data. This is due to a missing capability check within the...

CVSS 4.3, AI score 5.2, EPSS 0.00269
Exploits 0, References 6
Patchstack
added 2026/02/18 10:2 p.m., 4 views

WordPress Mesmerize Companion plugin <= 1.6.158 - Missing Authorization Authenticated (Subscriber+) Settings Update vulnerability

Missing Authorization Authenticated (Subscriber+) Settings Update vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Mesmerize Companion versions <= 1.6.158...

CVSS 4.3, AI score 5.5, EPSS 0.00269
Exploits 0, References 1, Affected Software 1
RedhatCVE
added 2025/05/23 9:20 a.m., 5 views

CVE-2024-3494

The Mesmerize Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mesmerize_contact_form' shortcode in all versions up to, and including, 1.6.148 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVSS 6.4, AI score 5, EPSS 0.00333
Exploits 0, References 1
RedhatCVE
added 2025/05/23 12:46 a.m., 6 views

CVE-2022-4481

The Mesmerize Companion WordPress plugin before 1.6.135 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

CVSS 5.4, AI score 5.9, EPSS 0.00575
Exploits 2, References 1
Cvelist
added 2024/05/08 5:31 a.m., 19 views

CVE-2024-3494 Mesmerize Companion <= 1.6.148 - Authenticated (Contributor+) Stored Cross-Site Scripting via mesmerize_contact_form Shortcode

The Mesmerize Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mesmerize_contact_form' shortcode in all versions up to, and including, 1.6.148 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVSS 6.4, AI score 6, EPSS 0.00333
Exploits 0, References 2
Vulnrichment
added 2024/05/08 5:31 a.m., 12 views

CVE-2024-3494

The Mesmerize Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mesmerize_contact_form' shortcode in all versions up to, and including, 1.6.148 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVSS 6.4, AI score 5.9, EPSS 0.00333
Exploits 0, References 2
Patchstack
added 2024/05/08 2:16 a.m., 5 views

WordPress Mesmerize Companion plugin <= 1.6.148 - Authenticated (Contributor+) Stored Cross-Site Scripting via mesmerize_contact_form Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via mesmerize_contact_form Shortcode vulnerability discovered by stealthcopter in WordPress Plugin Mesmerize Companion versions <= 1.6.148...

CVSS 6.4, AI score 5.8, EPSS 0.00333
Exploits 0, References 1, Affected Software 1
Positive Technologies
added 2024/05/08 12:0 a.m., 5 views

PT-2024-26260 · WordPress · Mesmerize Companion

Name of the Vulnerable Software and Affected Versions: Mesmerize Companion plugin for WordPress versions up to, and including, 1.6.148 Description: The issue is related to Stored Cross-Site Scripting via the plugin's mesmerize contact form shortcode due to insufficient input sanitization and outp...

CVSS 6.4, AI score 6.1, EPSS 0.00333
Exploits 0, References 5
Patchstack
added 2024/05/08 12:0 a.m., 19 views

WordPress Mesmerize Companion Plugin <= 1.6.148 is vulnerable to Cross Site Scripting (XSS)

Software Mesmerize Companion Type Plugin Vulnerable versions <= 1.6.148 Fixed in 1.6.149 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3494 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a79965937956 Credits stealthcopter...

CVSS 6.4, AI score 5.8, EPSS 0.00333
Exploits 0, References 3, Affected Software 1
CNNVD
added 2024/05/08 12:0 a.m., 3 views

WordPress plugin Mesmerize Companion security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...

CVSS 6.4, AI score 5.8, EPSS 0.00333
Exploits 0, References 3
WPVulnDB
added 2024/05/07 12:0 a.m., 20 views

Mesmerize Companion < 1.6.149 - Authenticated (Contributor+) Stored Cross-Site Scripting via mesmerize_contact_form Shortcode

Description: The Mesmerize Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mesmerize_contact_form' shortcode in all versions up to, and including, 1.6.148 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

CVSS 6.4, AI score 5.9, EPSS 0.00333
Exploits 0, References 1, Affected Software 1
NVD
added 2023/01/16 4:15 p.m., 20 views

CVE-2022-4481

The Mesmerize Companion WordPress plugin before 1.6.135 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

CVSS 5.4, AI score 5.3, EPSS 0.00575
Exploits 2, References 1
Prion
added 2023/01/16 4:15 p.m., 12 views

Cross site scripting

The Mesmerize Companion WordPress plugin before 1.6.135 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

CVSS 4.9, AI score 5.3, EPSS 0.00575
Exploits 2, References 1, Affected Software 1
Vulnrichment
added 2023/01/16 3:37 p.m., 9 views

CVE-2022-4481 Mesmerize Companion < 1.6.135 - Contributor+ Stored XSS

The Mesmerize Companion WordPress plugin before 1.6.135 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

AI score 5.4, EPSS 0.00575
Exploits 2, References 1