WordPress Redux Framework <=4.2.11 - Information Disclosure

WordPress Redux Framework plugin through 4.2.11 is susceptible to information disclosure. The plugin registers several unique AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-core.php. These are predictable, given that they are based on an md5 has...

CVE-2026-3478

CVE-2026-3478 affects the Content Syndication Toolkit plugin for WordPress (versions

CVE-2025-9488

The Redux Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 4.5.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

EUVD-2025-203202

The Redux Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 4.5.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2025-9488

The Redux Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 4.5.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2025-9488 Redux Framework <= 4.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via data Parameter

The Redux Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 4.5.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2025-9488 Redux Framework <= 4.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via data Parameter

The Redux Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 4.5.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2025-9488

CVE-2025-9488 affects the Redux Framework WordPress plugin (≤4.5.8). It enables Stored Cross‑Site Scripting via the data parameter by authenticated users with Contributor+; scripts execute on the affected pages when loaded. Wordfence reports this CVE as patched (patch status: Patched); no exploit...

PT-2025-51085

The Redux Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 4.5.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

WordPress plugin Redux Framework 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Redux Framework plugin <= 4.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via data Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via data Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Redux Framework versions = 4.5.8...

EUVD-2021-24765

Malware in sbrugna...

EUVD-2024-47842

Malicious code in bioql PyPI...

CVE-2024-6828

The Redux Framework plugin for WordPress is vulnerable to unauthenticated JSON file uploads due to missing authorization and capability checks on the ReduxColorSchemeImport function in versions 4.4.12 to 4.4.17. This makes it possible for unauthenticated attackers to upload JSON files, which can ...

CVE-2024-6828

The Redux Framework plugin for WordPress is vulnerable to unauthenticated JSON file uploads due to missing authorization and capability checks on the ReduxColorSchemeImport function in versions 4.4.12 to 4.4.17. This makes it possible for unauthenticated attackers to upload JSON files, which can ...

CVE-2024-6828

CVE-2024-6828 (Redux Framework, WordPress): The Redux Framework plugin versions 4.4.12–4.4.17 are vulnerable to unauthenticated JSON file uploads due to missing authorization/capability checks in the Redux_Color_Scheme_Import function, enabling stored XSS and, in rare cases when wp_filesystem fai...

PT-2024-37889 · WordPress · Redux Framework

Name of the Vulnerable Software and Affected Versions: Redux Framework plugin for WordPress versions 4.4.12 through 4.4.17 Description: The issue arises from missing authorization and capability checks on the Redux Color Scheme Import function, allowing unauthenticated attackers to upload JSON...

WordPress plugin Redux Framework 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

VulnCheck KEV: CVE-2024-6828

The Redux Framework plugin for WordPress is vulnerable to unauthenticated JSON file uploads due to missing authorization and capability checks on the ReduxColorSchemeImport function in versions 4.4.12 to 4.4.17. This makes it possible for unauthenticated attackers to upload JSON files, which...

WordPress Redux Framework Plugin <= 4.4.17 is vulnerable to Cross Site Scripting (XSS)

Software Redux Framework Type Plugin Vulnerable versions = 4.4.17 Fixed in 4.4.18 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6828 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3b2115820306 Credits villu164 Require...