CVE-2026-28343

A flaw was found in CKEditor. This cross-site scripting XSS vulnerability in the General HTML Support feature allows an attacker to execute unauthorized JavaScript code. This can occur by inserting specially crafted markup if the editor instance is configured with unsafe General HTML Support...

CVE-2023-2401

The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2021-24706

The Qwizcards – online quizzes and flashcards WordPress plugin before 3.62 does not properly sanitize and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2024-13357

The Ditty WordPress plugin before 3.1.52 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2025-21440 · WordPress · Mailpoet

Name of the Vulnerable Software and Affected Versions: MailPoet WordPress plugin versions prior to 5.5.2 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, for...

DEBIAN-CVE-2024-56521

An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPTSSLVERIFYHOST and CURLOPTSSLVERIFYPEER are set unsafely...

PT-2024-16806 · WordPress · Simple Side Tab

Name of the Vulnerable Software and Affected Versions: Simple Side Tab WordPress plugin version prior to 2.2.0 Description: The issue concerns the Simple Side Tab WordPress plugin, which does not properly sanitize and escape some of its settings. This could allow high-privilege users, such as...

WordPress plugin Front Editor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress plugin Get your number 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2023-16596 · WordPress · Timesheet

Name of the Vulnerable Software and Affected Versions: Time Sheets WordPress plugin versions prior to 1.29.3 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in...

WordPress plugin Analytics for WP 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Analytics for WP plugin 1.5.1 and earlier versions contain a cross-site scripting...

CVE-2022-3069

The WordLift WordPress plugin before 3.37.2 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2021-25088

The XML Sitemaps WordPress plugin before 4.1.3 does not sanitise and escape a settings before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2018-9233

Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other...