Lucene search

259 matches found

RedhatCVE
added 2025/05/23 12:17 a.m. · 3 views

CVE-2022-4551

The Rich Table of Contents WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...

CVSS 5.4 · AI score 5.9 · EPSS 0.00198
Exploits: 2 · References: 1

RedhatCVE
added 2025/05/22 11:21 p.m. · 1 view

CVE-2022-39270

DiscoTOC is a Discourse theme component that generates a table of contents for topics. Users who can create topics in TOC-enabled categories and have a sufficient trust level (configured in the component's settings) are able to inject arbitrary HTML on that topic's page. The issue has been fixed on th...

CVSS 5.4 · AI score 5.6 · EPSS 0.00224
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 5:23 a.m. · 4 views

CVE-2012-5584

The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does not properly check node permissions, which allows remote attackers to read a node's headers by accessing a table of contents block...

CVSS 4.3 · AI score 7 · EPSS 0.00214
Exploits: 0 · References: 1

Vulnrichment
added 2025/04/18 9:21 a.m. · 6 views

CVE-2025-3106 LA-Studio Element Kit for Elementor <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table of Contents Widget

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Table of Contents widget in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 6.4 · AI score 6 · EPSS 0.00163
Exploits: 0 · References: 4

Cvelist
added 2025/04/18 9:21 a.m. · 18 views

CVE-2025-3106 LA-Studio Element Kit for Elementor <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table of Contents Widget

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Table of Contents widget in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 6.4 · EPSS 0.00163
Exploits: 0 · References: 4

Positive Technologies
added 2025/04/18 12:0 a.m. · 1 view

PT-2025-17290 · WordPress · La-Studio Element Kit For Elementor

Name of the Vulnerable Software and Affected Versions: LA-Studio Element Kit for Elementor plugin for WordPress versions up to, and including, 1.4.9
Description: The issue is related to Stored Cross-Site Scripting via the plugin's Table of Contents widget due to insufficient input sanitization an...

CVSS 6.4 · AI score 7.8 · EPSS 0.00163
Exploits: 0 · References: 7

RedhatCVE
added 2025/04/11 5:59 p.m. · 8 views

CVE-2025-31004

Missing Authorization vulnerability in Croover.inc Rich Table of Contents rich-table-of-content allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rich Table of Contents: from n/a through <= 1.4.0...

CVSS 4.3 · AI score 7.2 · EPSS 0.00147
Exploits: 0 · References: 1

RedhatCVE
added 2025/04/11 5:5 p.m. · 12 views

CVE-2025-31385

Cross-Site Request Forgery (CSRF) vulnerability in intelcaprep Site Table of Contents site-table-of-contents allows Stored XSS. This issue affects Site Table of Contents: from n/a through <= 0.3...

CVSS 7.1 · AI score 7.2 · EPSS 0.00118
Exploits: 0 · References: 1

Patchstack
added 2025/04/09 5:40 p.m. · 5 views

WordPress Rich Table of Contents plugin <= 1.4.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Peter Thaleikis in WordPress Plugin Rich Table of Contents versions <= 1.4.0...

CVSS 4.3 · AI score 8.5 · EPSS 0.00147
Exploits: 0 · Affected Software: 1

NVD
added 2025/04/09 5:15 p.m. · 3 views

CVE-2025-31385

Cross-Site Request Forgery (CSRF) vulnerability in intelcaprep Site Table of Contents site-table-of-contents allows Stored XSS. This issue affects Site Table of Contents: from n/a through <= 0.3...

CVSS 7.1 · EPSS 0.00118
Exploits: 0 · References: 1

NVD
added 2025/04/09 5:15 p.m. · 3 views

CVE-2025-31004

Missing Authorization vulnerability in Croover.inc Rich Table of Contents rich-table-of-content allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rich Table of Contents: from n/a through <= 1.4.0...

CVSS 4.3 · EPSS 0.00147
Exploits: 0 · References: 1

CVE
added 2025/04/09 4:13 p.m. · 45 views

CVE-2025-31385

CVE-2025-31385 describes a Cross-Site Request Forgery (CSRF) leading to a Stored XSS in the WordPress plugin Site Table of Contents. Affected versions are listed as from n/a through 0.3; CVSS 3.1 base score 7.1 (HIGH). The Connected Documents confirm the issue type (CSRF → Stored XSS) and affec...

CVSS 7.1 · AI score 7.2 · EPSS 0.00118
Exploits: 0 · References: 1

Cvelist
added 2025/04/09 4:13 p.m. · 14 views

CVE-2025-31385 WordPress Site Table of Contents plugin <= 0.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in intelcaprep Site Table of Contents site-table-of-contents allows Stored XSS. This issue affects Site Table of Contents: from n/a through <= 0.3...

CVSS 7.1 · EPSS 0.00118
Exploits: 0 · References: 1

Vulnrichment
added 2025/04/09 4:13 p.m. · 6 views

CVE-2025-31385 WordPress Site Table of Contents plugin <= 0.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Site Table of Contents allows Stored XSS. This issue affects Site Table of Contents: from n/a through 0.3...

CVSS 7.1 · AI score 6.8 · EPSS 0.00118
Exploits: 0 · References: 1

Vulnrichment
added 2025/04/09 4:10 p.m. · 4 views

CVE-2025-31004 WordPress Rich Table of Contents plugin <= 1.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Croover.inc Rich Table of Contents rich-table-of-content allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rich Table of Contents: from n/a through <= 1.4.0...

CVSS 4.3 · AI score 7.2 · EPSS 0.00147
Exploits: 0 · References: 1

Cvelist
added 2025/04/09 4:10 p.m. · 11 views

CVE-2025-31004 WordPress Rich Table of Contents plugin <= 1.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Croover.inc Rich Table of Contents rich-table-of-content allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rich Table of Contents: from n/a through <= 1.4.0...

CVSS 4.3 · EPSS 0.00147
Exploits: 0 · References: 1

Positive Technologies
added 2025/04/09 12:0 a.m. · 1 view

PT-2025-15742 · Unknown · Site Table Of Contents

Name of the Vulnerable Software and Affected Versions: Site Table of Contents versions 0.3 and earlier
Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...

CVSS 7.1 · AI score 7.6 · EPSS 0.00118
Exploits: 0 · References: 4

RedhatCVE
added 2025/04/05 11:31 a.m. · 14 views

CVE-2025-2299

The LuckyWP Table of Contents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.10. This is due to missing or incorrect nonce validation on the 'ajaxEdit' function. This makes it possible for unauthenticated attackers to inject arbitrary we...

CVSS 6.1 · AI score 6.8 · EPSS 0.00927
Exploits: 0 · References: 1

OSV
added 2025/04/03 12:15 p.m. · 0 views

CVE-2025-2299

The LuckyWP Table of Contents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.10. This is due to missing or incorrect nonce validation on the 'ajaxEdit' function. This makes it possible for unauthenticated attackers to inject arbitrary we...

CVSS 6.1 · AI score 5.7 · EPSS 0.00927
Exploits: 0 · References: 4

NVD
added 2025/04/03 12:15 p.m. · 6 views

CVE-2025-2299

The LuckyWP Table of Contents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.10. This is due to missing or incorrect nonce validation on the 'ajaxEdit' function. This makes it possible for unauthenticated attackers to inject arbitrary we...

CVSS 6.1 · EPSS 0.00927
Exploits: 0 · References: 4