2 matches found
CVE-2025-12116
The Drift theme for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to...
CVE-2024-58285
Summary: CVE-2024-58285 affects Chyrp 2.5.2 with a stored cross-site scripting flaw in post titles. The vulnerability allows an authenticated user to inject scripts in a post’s title, which can execute when other users view the post, potentially leaking cookies or enabling client-side attacks. Th...