WordPress PowerFolio Plugin <= 3.2.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Abu Hurayra in WordPress Plugin PowerFolio versions = 3.2.1...

CVE-2025-57932 WordPress PowerFolio Plugin <= 3.2.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Diego Pereira PowerFolio portfolio-elementor allows Stored XSS.This issue affects PowerFolio: from n/a through = 3.2.1...

WordPress plugin PowerFolio 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

CVE-2025-7046

The Portfolio for Elementor & Image Gallery | PowerFolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS Attributes of Plugin's widgets in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possibl...

CVE-2025-7046

The Portfolio for Elementor & Image Gallery | PowerFolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS Attributes of Plugin's widgets in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possibl...

CVE-2025-7046 Portfolio for Elementor & Image Gallery | PowerFolio <= 3.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS

The Portfolio for Elementor & Image Gallery | PowerFolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS Attributes of Plugin's widgets in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possibl...

PT-2025-27856 · WordPress · Powerfolio

Name of the Vulnerable Software and Affected Versions: PowerFolio plugin for WordPress versions prior to 3.2.1 Description: The issue is related to Stored Cross-Site Scripting via the Custom JS Attributes of the plugin's widgets due to insufficient input sanitization and output escaping. This...

CVE-2024-22150 WordPress Post Grid, Image Gallery & Portfolio for Elementor | PowerFolio Plugin <= 3.1 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PWR Plugins Portfolio & Image Gallery for WordPress | PowerFolio allows Stored XSS.This issue affects Portfolio & Image Gallery for WordPress | PowerFolio: from n/a through 3.1...