204 matches found
CVE-2019-25743
WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title field. Attackers can submit POST requests to the post editing endpoint with script payloads in the...
CVE-2019-25744
WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the posttitle parameter. Attackers can submit crafted POST requests to the post.php endpoint with script payloads...
CVE-2019-25744 WordPress Popup Builder 3.49 Persistent Cross-Site Scripting
WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the posttitle parameter. Attackers can submit crafted POST requests to the post.php endpoint with script payloads...
EUVD-2019-20180
WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the posttitle parameter. Attackers can submit crafted POST requests to the post.php endpoint with script payloads...
CVE-2019-25744 WordPress Popup Builder 3.49 Persistent Cross-Site Scripting
WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the posttitle parameter. Attackers can submit crafted POST requests to the post.php endpoint with script payloads...
CVE-2019-25744
WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the posttitle parameter. Attackers can submit crafted POST requests to the post.php endpoint with script payloads...
CVE-2019-25744
The CVE-2019-25744 entry concerns WordPress Popup Builder 3.49, which is vulnerable to a persistent cross-site scripting (XSS) flaw. The affected component is the post_title parameter, where an attacker can break out of option tags and craft POST requests to the post.php endpoint with a script pa...
CVE-2019-25743 WordPress Soliloquy Lite 2.5.6 Persistent Cross-Site Scripting
WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title field. Attackers can submit POST requests to the post editing endpoint with script payloads in the...
CVE-2019-25743 WordPress Soliloquy Lite 2.5.6 Persistent Cross-Site Scripting
WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title field. Attackers can submit POST requests to the post editing endpoint with script payloads in the...
EUVD-2019-20179
WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title field. Attackers can submit POST requests to the post editing endpoint with script payloads in the...
CVE-2019-25743
WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title field. Attackers can submit POST requests to the post editing endpoint with script payloads in the...
CVE-2019-25743
The CVE-2019-25743 entry affects WordPress Soliloquy Lite 2.5.6 and describes a persistent cross-site scripting vulnerability. An authenticated attacker can inject scripts by sending script payloads in the post_title parameter via the post editing endpoint; these payloads are stored and executed ...
PT-2026-46214
WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the post title parameter. Attackers can submit crafted POST requests to the post.php endpoint with script payload...
PT-2026-46213
Name of the Vulnerable Software and Affected Versions Soliloquy Lite version 2.5.6 Description A persistent cross-site scripting issue allows authenticated attackers to inject malicious scripts by inserting script tags into the post title field. This is achieved by submitting POST requests to the...
WordPress plugin Popup Builder 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-8382
The Advanced Custom Fields ACF® plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrit...
CVE-2026-8382
The Advanced Custom Fields ACF® plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrit...
CVE-2026-8382
The CVE-2026-8382 entry describes an authorization bypass in the WordPress plug‑in Advanced Custom Fields (ACF) for all versions up to 6.8.1. The vulnerability arises because the plugin does not properly verify that a user is authorized to perform an action, enabling unauthenticated attackers to ...
CVE-2026-8382
The Advanced Custom Fields ACF® plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrit...
CVE-2026-8382 Advanced Custom Fields (ACF®) <= 6.8.1 - Unauthenticated Arbitrary Post Modification via Front-End Form '_post_title' and '_post_content' Parameters
The Advanced Custom Fields ACF® plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrit...