16 matches found
EUVD-2026-20838
The Experto Dashboard for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings fields including 'Navigation Font Size', 'Navigation Font Weight', 'Heading Font Size', 'Heading Font Weight', 'Text Font Size', and 'Text Font Weight' in all versions...
CVE-2026-3574
The Experto Dashboard for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings fields including 'Navigation Font Size', 'Navigation Font Weight', 'Heading Font Size', 'Heading Font Weight', 'Text Font Size', and 'Text Font Weight' in all versions...
CVE-2026-3574 Experto Dashboard for WooCommerce <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Navigation Font Size' Setting
The Experto Dashboard for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings fields including 'Navigation Font Size', 'Navigation Font Weight', 'Heading Font Size', 'Heading Font Weight', 'Text Font Size', and 'Text Font Weight' in all versions...
PT-2026-31568
Name of the Vulnerable Software and Affected Versions: Experto Dashboard for WooCommerce plugin for WordPress versions up to and including 1.0.4. Description: The Experto Dashboard for WooCommerce plugin for WordPress is susceptible to Stored Cross-Site Scripting through its settings fields, includi...
WordPress Mandatory Field plugin <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Fields vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Fields vulnerability discovered by 0x34rth in WordPress Plugin Mandatory Field versions <= 1.6.8...
CVE-2019-25314 Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting
Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces...
CVE-2019-25314
Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces...
WordPress Cookie consent for developers plugin <= 1.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Multiple Settings Fields vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Multiple Settings Fields vulnerability discovered by 0x34rth in WordPress Plugin Cookie consent for developers versions <= 1.7.1...
CVE-2018-14877
An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site Language, Site Title, Site Description, and Site Keywords on the SETTINGS page...
CVE-2022-37247
Craft CMS 4.2.0.1 is vulnerable to stored cross-site scripting (XSS) via the /admin/settings/fields page...
DEBIAN-CVE-2024-54001
Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields applicationlanguage, applicationdateformat, applicationtimezone and applicationtimeformat allow arbitrary user input which is reflected...
CVE-2023-6806
The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Settings user profile fields in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...
WordPress plugin Simply Excerpts security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2022-37247
Craft CMS 4.2.0.1 is vulnerable to stored cross-site scripting (XSS) via the /admin/settings/fields page...
Pixel&tonic Craft CMS cross-site scripting vulnerability
Pixel & tonic Craft CMS is a content management system (CMS) from Pixel & tonic, USA. A security vulnerability exists in Craft CMS version 4.2.0.1, which stems from a security issue on the /admin/settings/fields page...
Saad Irfan RemoteClinic cross-site scripting vulnerability
Saad Irfan RemoteClinic is an open source application by Saad Irfan that provides the ability to remotely manage your clinic via the web. A security vulnerability exists in Saad Irfan RemoteClinic v2.0 that allows an attacker to perform code execution using multiple parameters. The affected parameters ar...