377 matches found
PT-2025-14910 · Otwthemes · Otwthemes Sidebar Manager Light
Name of the Vulnerable Software and Affected Versions: OTWthemes Sidebar Manager Light versions 1.1.8 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This can be achieved by tricki...
CVE-2025-23827
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in straps Strx Magic Floating Sidebar Maker strx-magic-floating-sidebar-maker allows Stored XSS. This issue affects Strx Magic Floating Sidebar Maker: from n/a through <= 1.4.1...
CVE-2025-23535
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in martinziegert REAL WordPress Sidebar drag-and-drop-custom-sidebar allows Stored XSS. This issue affects REAL WordPress Sidebar: from n/a through <= 0.1...
CVE-2025-23535
CVE-2025-23535 describes a Stored XSS in the REAL WordPress Sidebar plugin (drag-and-drop-custom-sidebar). The common detail across sources attributes the issue to improper neutralization of input during web page generation, enabling an unauthenticated attacker to inject/script content in stored ...
CVE-2025-23535 WordPress REAL WordPress Sidebar plugin <= 0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in clickandsell REAL WordPress Sidebar allows Stored XSS. This issue affects REAL WordPress Sidebar: from n/a through 0.1...
CVE-2025-23535 WordPress REAL WordPress Sidebar plugin <= 0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in martinziegert REAL WordPress Sidebar drag-and-drop-custom-sidebar allows Stored XSS. This issue affects REAL WordPress Sidebar: from n/a through <= 0.1...
WordPress plugin REAL WordPress Sidebar cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-23912
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Philipp Speck WordPress Custom Sidebar wordpress-custom-sidebar allows Blind SQL Injection. This issue affects WordPress Custom Sidebar: from n/a through <= 2.3...
CVE-2025-23642
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pflonk Sidebar-Content from Shortcode sidebar-content-from-shortcode allows DOM-Based XSS. This issue affects Sidebar-Content from Shortcode: from n/a through <= 2.0...
CVE-2025-23912 WordPress WordPress Custom Sidebar Plugin <= 2.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Philipp Speck WordPress Custom Sidebar wordpress-custom-sidebar allows Blind SQL Injection. This issue affects WordPress Custom Sidebar: from n/a through <= 2.3...
CVE-2025-23912
CVE-2025-23912 is associated with WordPress Custom Sidebar (Typomedia Foundation) and is described as an SQL Injection vulnerability that allows Blind SQL Injection. Public sources in the Connected documents place the affected software as WordPress Custom Sidebar (up to version 2.3) with an authe...
CVE-2025-23827 WordPress Strx Magic Floating Sidebar Maker plugin <= 1.4.1 - CSRF to Stored XSS vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in straps Strx Magic Floating Sidebar Maker strx-magic-floating-sidebar-maker allows Stored XSS. This issue affects Strx Magic Floating Sidebar Maker: from n/a through <= 1.4.1...
CVE-2025-23827
CVE-2025-23827 affects Strx Magic Floating Sidebar Maker (WordPress plugin). Description: Stored XSS due to improper neutralization of input during web page generation. Impact: stored Cross-Site Scripting via vulnerable input; affects Strx Magic Floating Sidebar Maker versions from n/a up to and ...
CVE-2025-23642 WordPress Sidebar-Content from Shortcode plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pflonk Sidebar-Content from Shortcode sidebar-content-from-shortcode allows DOM-Based XSS. This issue affects Sidebar-Content from Shortcode: from n/a through <= 2.0...
CVE-2025-23642
CVE-2025-23642 is a DOM-based XSS in the Sidebar-Content from Shortcode WordPress plugin (Sidebar-Content from Shortcode). Root cause: improper neutralization of input during web page generation. Affected product/component: Sidebar-Content from Shortcode (sidebar-content-from-shortcode) up to ver...