154 matches found
CVE-2023-2797
Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink on a channel...
CVE-2019-15835
The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF...
CVE-2025-27346
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gerrygooner Rebuild Permalinks rebuild-permalinks allows Reflected XSS. This issue affects Rebuild Permalinks: from n/a through <= 1.6...
CVE-2025-27346 WordPress Rebuild Permalinks Plugin <= 1.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gerrygooner Rebuild Permalinks rebuild-permalinks allows Reflected XSS. This issue affects Rebuild Permalinks: from n/a through <= 1.6...
CVE-2025-27346
CVE-2025-27346 concerns a Reflected XSS in the WordPress plugin Rebuild Permalinks (builds/permalink generation). The vulnerability targets the plugin’s rebuild-permalinks flow and is described as an improper neutralization of input during web page generation. Affected scope: Rebuild Permalinks v...
WordPress plugin Rebuild Permalinks cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-17076 · Unknown · Rebuild Permalinks
Name of the Vulnerable Software and Affected Versions: Rebuild Permalinks versions n/a through 1.6. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This enables potential attackers to...
SUSE CVE-2025-27715
Mattermost versions 9.11.x <= 9.11.8 fail to prompt for explicit approval before adding a team admin to a private channel, which team admins to joining private channels via crafted permalink links without explicit consent from them...
WordPress Rebuild Permalinks Plugin <= 1.6 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Rebuild Permalinks versions <= 1.6...
Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events
Mattermost does not strip embeds from metadata when broadcasting posted events. This allows users to include arbitrary embeds in posts, which are then broadcasted via websockets. This can be exploited in many ways, for example to create permalinks with fully customizable content or to trigger a...
GHSA-59HF-MPF8-PQJH Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events
Mattermost does not strip embeds from metadata when broadcasting posted events. This allows users to include arbitrary embeds in posts, which are then broadcasted via websockets. This can be exploited in many ways, for example to create permalinks with fully customizable content or to trigger a...
WordPress Custom Permalinks plugin <= 2.6.0 - Authenticated(Editor+) Stored Cross-Site Scripting vulnerability
Authenticated (Editor+) Stored Cross-Site Scripting vulnerability discovered by Ram in WordPress Plugin Custom Permalinks versions <= 2.6.0...
WordPress Custom Permalinks Plugin <= 2.6.0 is vulnerable to Cross Site Scripting (XSS)
Software: Custom Permalinks; Type: Plugin; Vulnerable versions: <= 2.6.0; Fixed in: 2.7.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0926; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 85e376d90fe6; Credits: Ram; Required privilege...
CVE-2023-0926
The Custom Permalinks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.0 due to insufficient input sanitization and output escaping on tag names. This allows authenticated users, with editor-level permissions or greater to inject arbitrary we...
CVE-2023-0926
CVE-2023-0926 describes a Stored XSS vulnerability in the WordPress plugin Custom Permalinks. Affected versions are
PT-2024-11930 · WordPress · Custom Permalinks
Name of the Vulnerable Software and Affected Versions: Custom Permalinks plugin for WordPress versions up to and including 2.6.0. Description: The issue is related to insufficient input sanitization and output escaping on tag names, allowing authenticated users with editor-level permissions or...
CVE-2024-2543
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'geturieditor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts...
WordPress Plugin Permalink security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security...