CVE-2025-2299 LuckyWP Table of Contents <= 2.1.10 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
The LuckyWP Table of Contents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.10. This is due to missing or incorrect nonce validation on the 'ajaxEdit' function. This makes it possible for unauthenticated attackers to inject arbitrary we...
CVE-2025-2299
CVE-2025-2299: The LuckyWP Table of Contents plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) via the ajaxEdit function in versions up to 2.1.10. The root cause is missing or incorrect nonce validation, enabling unauthenticated attacker...
CVE-2025-2299 LuckyWP Table of Contents <= 2.1.10 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
The LuckyWP Table of Contents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.10. This is due to missing or incorrect nonce validation on the 'ajaxEdit' function. This makes it possible for unauthenticated attackers to inject arbitrary we...
WordPress LuckyWP Table of Contents plugin <= 2.1.10 - Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability discovered by mikemyers in WordPress Plugin LuckyWP Table of Contents versions <= 2.1.10...
PT-2025-14608 · WordPress · Luckywp Table Of Contents
Name of the Vulnerable Software and Affected Versions: LuckyWP Table of Contents plugin for WordPress versions up to, and including, 2.1.10. Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajaxEdit function. This allows...
OESA-2025-1240 python-jupyterlab security update
JupyterLab is the next-generation user interface for Project Jupyter offering all the familiar building blocks of the classic Jupyter Notebook (notebook, terminal, text editor, file browser, rich outputs, etc.) in a flexible and powerful user interface. Security Fixes: JupyterLab is an extensible...
CVE-2025-27305
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Achal Jain Table of Contents Block table-of-contents allows Stored XSS. This issue affects Table of Contents Block: from n/a through <= 1.0.2...
CVE-2025-27305
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Achal Jain Table of Contents Block table-of-contents allows Stored XSS. This issue affects Table of Contents Block: from n/a through <= 1.0.2...
WordPress Table of Contents Block plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Peter Thaleikis in WordPress Plugin Table of Contents Block versions <= 1.0.2...
CVE-2025-27305
CVE-2025-27305 relates to the WordPress plugin “Table of Contents Block” (versions
CVE-2025-27305 WordPress Table of Contents Block plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Achal Jain Table of Contents Block table-of-contents allows Stored XSS. This issue affects Table of Contents Block: from n/a through <= 1.0.2...
WordPress CM Table Of Contents plugin <= 1.2.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin CM Table Of Contents – WordPress TOC Plugin versions <= 1.2.1...
WordPress LuckyWP Table of Contents plugin < 2.1.7 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin LuckyWP Table of Contents versions < 2.1.7...
CVE-2024-9641
The LuckyWP Table of Contents WordPress plugin before 2.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2024-9641
CVE-2024-9641 affects LuckyWP Table of Contents for WordPress, prior to version 2.1.7. The issue is stored cross-site scripting (XSS) arising from insufficient sanitization/escaping of certain plugin settings, enabling high-privilege users (e.g., admins) to inject scripts even when unfiltered_htm...
CVE-2024-9641 LuckyWP Table of Contents < 2.1.7 - Admin+ Stored XSS
The LuckyWP Table of Contents WordPress plugin before 2.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
PT-2024-39734 · WordPress · Luckywp Table Of Contents
Name of the Vulnerable Software and Affected Versions: LuckyWP Table of Contents versions prior to 2.1.7. Description: The issue concerns the LuckyWP Table of Contents WordPress plugin, which does not properly sanitise and escape some of its settings. This could allow high privilege users, such as...
CVE-2023-25469
Missing Authorization vulnerability in Magazine3 Easy Table of Contents allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Table of Contents: from n/a through 2.0.45.2...
CVE-2023-25469 WordPress Easy Table of Contents plugin <= 2.0.45.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Magazine3 Easy Table of Contents allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Table of Contents: from n/a through 2.0.45.2...
CVE-2023-25469
CVE-2023-25469 is a WordPress plugin vulnerability in Easy Table of Contents (versions