3447 matches found
CVE-2023-3666
CVE-2023-3666 affects the Sticky Side Buttons WordPress plugin prior to version 2.0.0. The issue is Stored XSS caused by insufficient sanitisation/escaping of certain settings, potentially exploitable by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite)...
CVE-2023-3666 Sticky Side Buttons < 2.0.0 - Admin+ Stored XSS
The Sticky Side Buttons WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-5083
The Amministrazione Trasparente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2025-5083
The Amministrazione Trasparente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2025-5083
The CVE-2025-5083 issue affects the WordPress Amministrazione Trasparente plugin, vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 9.0 due to insufficient input sanitization and output escaping. The vulnerability requires authenticated attackers with administrato...
CVE-2025-5083 Amministrazione Trasparente <= 9.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via print_r Function
The Amministrazione Trasparente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
PT-2025-35389
Name of the Vulnerable Software and Affected Versions: Amministrazione Trasparente plugin for WordPress versions prior to 9.1 Description: The Amministrazione Trasparente plugin for WordPress is susceptible to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization a...
CVE-2025-8490
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Import in all versions up to, and including, 7.97 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...
WordPress MultiSite Clone Duplicator plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin MultiSite Clone Duplicator versions = 1.5.3...
CVE-2025-8490
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Import in all versions up to, and including, 7.97 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...
Linux Distros Unpatched Vulnerability : CVE-2020-28033
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. CVE-2020-28033 Note that Nessus...
CVE-2025-8490 All-in-One WP Migration and Backup <= 7.97 - Authenticated (Administrator+) Stored Cross-Site Scripting via Import
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Import in all versions up to, and including, 7.97 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...
CVE-2025-8490
CVE-2025-8490 refers to the All-in-One WP Migration and Backup plugin for WordPress, with a stored cross-site scripting (XSS) flaw in the Import path affecting versions up to 7.97. The issue requires authenticated access at administrator level and affects multi-site installations or sites where u...
Linux Distros Unpatched Vulnerability : CVE-2017-5493
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier fo...
CVE-2025-8783
The Contact Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title’ parameter in all versions up to, and including, 8.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2025-8783
The Contact Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title’ parameter in all versions up to, and including, 8.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2025-8783 Contact Manager <= 8.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'title'
The Contact Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title’ parameter in all versions up to, and including, 8.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2025-8783
CVE-2025-8783 affects the WordPress Contact Manager plugin (versions up to 8.6.5). Root cause: insufficient input sanitization and output escaping for the title parameter, enabling Stored Cross-Site Scripting by an authenticated administrator on multi-site installations or where unfiltered_html i...
CVE-2025-8783 Contact Manager <= 8.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'title'
The Contact Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title’ parameter in all versions up to, and including, 8.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
PT-2025-33719 · WordPress · Contactmanager
Name of the Vulnerable Software and Affected Versions: Contact Manager plugin for WordPress versions prior to 8.6.6 Description: The Contact Manager plugin for WordPress is susceptible to Stored Cross-Site Scripting via the title parameter. Insufficient input sanitization and output escaping allo...