4 matches found
CVE-2025-9852
The Yoga Schedule Momoyoga plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'momoyoga-schedule' shortcode in all versions up to, and including, 2.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
CVE-2025-9852
CVE-2025-9852 : Yoga Schedule Momoyoga WordPress plugin versions
PT-2025-39948
Name of the Vulnerable Software and Affected Versions Yoga Schedule Momoyoga plugin for WordPress versions prior to 2.9.1 Description The Yoga Schedule Momoyoga plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'momoyoga-schedule' shortcode. Insufficient input...
WordPress Yoga Schedule Momoyoga Plugin <= 2.7.0 is vulnerable to Cross Site Scripting (XSS)
Software Yoga Schedule Momoyoga Type Plugin Vulnerable versions = 2.7.0 Fixed in 2.8.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32529 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3463fb7d6d4e Credits LVT-tholv2k Required privilege...