111 matches found
CVE-2024-8759
The Nested Pages WordPress plugin before 3.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-1454
The Ninja Pages WordPress plugin through 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-8759
The Nested Pages WordPress plugin before 3.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-1454 Ninja Pages <= 1.4.2 - Admin+ Stored XSS
The Ninja Pages WordPress plugin through 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-1454 Ninja Pages <= 1.4.2 - Admin+ Stored XSS
The Ninja Pages WordPress plugin through 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-1454
CVE-2025-1454 refers to the WordPress Ninja Pages plugin (versions
PT-2025-21535 · WordPress · Nested Pages
Name of the Vulnerable Software and Affected Versions: Nested Pages WordPress plugin versions prior to 3.2.9 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitised and...
PT-2025-21564 · WordPress · Ninja Pages
Name of the Vulnerable Software and Affected Versions: Ninja Pages plugin for WordPress versions 1.4.2 and earlier Description: The issue concerns the Ninja Pages WordPress plugin, which does not properly sanitize and escape some of its settings. This could allow high-privilege users, such as...
CVE-2025-4100
The Nautic Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'npmarinetrafficmap' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-4100
The Nautic Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'npmarinetrafficmap' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-4100
CVE-2025-4100 affects Nautic Pages for WordPress. It is a Stored Cross-Site Scripting vulnerability in the np_marinetraffic_map shortcode, exploitable by authenticated users with contributor-level access and above, due to insufficient input sanitization and output escaping in versions up to 2.0. ...
PT-2025-18368 · WordPress · Nautic Pages
Name of the Vulnerable Software and Affected Versions: Nautic Pages plugin for WordPress versions up to, and including, 2.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'np marinetraffic map' shortcode due to insufficient input sanitization and output escaping...
CVE-2025-0718
The Nested Pages WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-0718
The Nested Pages WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-0718 Nested Pages < 3.2.13 - Contributor+ Stored XSS
The Nested Pages WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-5943
The Nested Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.7. This is due to missing or incorrect nonce validation on the 'settingsPage' function and missing santization of the 'tab' parameter. This makes it possible for...
WordPress Explore pages plugin <= 1.01 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Mika in WordPress Plugin Explore pages versions = 1.01...
CVE-2024-5943
The Nested Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.7. This is due to missing or incorrect nonce validation on the 'settingsPage' function and missing santization of the 'tab' parameter. This makes it possible for...
WordPress Nested Pages plugin <= 3.2.7 - Cross-Site Request Forgery to Local File Inclusion vulnerability
Cross-Site Request Forgery to Local File Inclusion vulnerability discovered by Bassem Essam in WordPress Plugin Nested Pages versions = 3.2.7...
WordPress plugin Nested Pages security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...