CVE-2022-50947

The CVE-2022-50947 entry concerns WordPress Plugin Testimonial Slider and Showcase version 2.2.6. A stored XSS vulnerability exists in the post_title field due to insufficient sanitization, exploitable by authenticated editors with low privileges. Attackers with editor rights can inject JavaScrip...

WordPress Image Alt Text Manager plugin <= 1.8.2 - Authenticated (Author+) Stored Cross-Site Scripting via Post Title vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Post Title vulnerability discovered by WordFence in WordPress Plugin Alt Manager versions = 1.8.2...

CVE-2025-66024 XWiki Blog Application home page vulnerable to Stored XSS via Post Title

The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting XSS via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML tag without proper...

WordPress SearchWiz plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Post Title vulnerability discovered by WordFence in WordPress Plugin SearchWiz versions = 1.0.0...

CVE-2022-36527

Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module...