226 matches found
WWBN AVideo: Unauthenticated Stored DOM Cross-Site Scripting via Per-Client Metadata Broadcast in YPTSocket Plugin
Unauthenticated Stored DOM XSS via pagetitle Broadcast in AVideo YPTSocket Plugin Summary A stored DOM Cross-Site Scripting vulnerability CWE-79 in the AVideo YPTSocket plugin lets any unauthenticated remote attacker execute arbitrary JavaScript in the authenticated origin of every administrator...
GHSA-8WHC-2WMV-WW35 WWBN AVideo: Unauthenticated Stored DOM Cross-Site Scripting via Per-Client Metadata Broadcast in YPTSocket Plugin
Unauthenticated Stored DOM XSS via pagetitle Broadcast in AVideo YPTSocket Plugin Summary A stored DOM Cross-Site Scripting vulnerability CWE-79 in the AVideo YPTSocket plugin lets any unauthenticated remote attacker execute arbitrary JavaScript in the authenticated origin of every administrator...
GHSA-FMG2-F5R9-24QC Grav: Stored XSS via page title (data[header][title]) in admin panel
Summary A Stored Cross-Site Scripting XSS vulnerability was identified in the /admin/pages/page endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the dataheadertitle parameter. --- Details Vulnerable Endpoint: GET /admin/pages/page Parameter:...
Grav: Stored XSS via page title (data[header][title]) in admin panel
Summary A Stored Cross-Site Scripting XSS vulnerability was identified in the /admin/pages/page endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the dataheadertitle parameter. --- Details Vulnerable Endpoint: GET /admin/pages/page Parameter:...
CVE-2026-2936
The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagetitle' parameter in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
EUVD-2026-18995
The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagetitle' parameter in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2026-2936
The CVE concerns the WordPress plugin Visitor Traffic Real Time Statistics, affected up to version 8.4. It is vulnerable to Stored Cross-Site Scripting via the page_title parameter due to insufficient input sanitization and output escaping. The vulnerability allows unauthenticated attackers to in...
CVE-2026-2936
The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagetitle' parameter in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2026-2936 Visitor Traffic Real Time Statistics <= 8.4 - Unauthenticated Stored Cross-Site Scripting
The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagetitle' parameter in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
PT-2026-30345
Name of the Vulnerable Software and Affected Versions Visitor Traffic Real Time Statistics plugin for WordPress versions up to and including 8.4 Description The Visitor Traffic Real Time Statistics plugin for WordPress is susceptible to Stored Cross-Site Scripting through the page title parameter...
EUVD-2019-19717
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to the admin/cmsgetpagetitle.php endpoint with malicious catid values to extract sensitive...
PT-2026-22359
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to the admin/cms getpagetitle.php endpoint with malicious catid values to extract sensitive...
CVE-2025-13438
The Page Title, Description & Open Graph Updater plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.02. This is due to missing nonce validation on multiple AJAX actions including dienoupdatepagetitle. This makes it possible for unauthenticated...
CVE-2025-13438
The Page Title, Description & Open Graph Updater plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.02. This is due to missing nonce validation on multiple AJAX actions including dienoupdatepagetitle. This makes it possible for unauthenticated...
CVE-2025-13438 Page Title, Description & Open Graph Updater <= 1.02 - Cross-Site Request Forgery to Arbitrary Page Title Modification
The Page Title, Description & Open Graph Updater plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.02. This is due to missing nonce validation on multiple AJAX actions including dienoupdatepagetitle. This makes it possible for unauthenticated...
CVE-2025-13438
The CVE CVE-2025-13438 concerns the WordPress plugin Page Title, Description & Open Graph Updater. Affected versions: all up to and including 1.02. Root cause: missing nonce validation on multiple AJAX actions (e.g., dieno_update_page_title) leading to Cross-Site Request Forgery. Impact as stated...
CVE-2025-13438 Page Title, Description & Open Graph Updater <= 1.02 - Cross-Site Request Forgery to Arbitrary Page Title Modification
The Page Title, Description & Open Graph Updater plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.02. This is due to missing nonce validation on multiple AJAX actions including dienoupdatepagetitle. This makes it possible for unauthenticated...
WordPress plugin Page Title, Description & Open Graph Updater 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-20599
The Page Title, Description & Open Graph Updater plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.02. This is due to missing nonce validation on multiple AJAX actions including dieno update page title. This makes it possible for...
WordPress Page Title, Description & Open Graph Updater plugin <= 1.02 - Cross-Site Request Forgery to Arbitrary Page Title Modification vulnerability
Cross-Site Request Forgery to Arbitrary Page Title Modification vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Page Title, Description & Open Graph Updater versions = 1.02...