7 matches found
PT-2026-3994
Name of the Vulnerable Software and Affected Versions SEOSEON EUROPE S.L Affiliate Link Tracker versions through 0.2 Description The Affiliate Link Tracker software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting XSS. Thi...
CVE-2025-14143 Ayo Shortcodes <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute
The Ayo Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' parameter of the ayoaction shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-11521 Astra Security Suite – Firewall & Malware Scan <= 0.2 - Unauthenticated Arbitrary File Upload
The Astra Security Suite – Firewall & Malware Scan plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient validation of remote URLs for zip downloads and an easily guessable key in all versions up to, and including, 0.2. This makes it possible for unauthenticated attacke...
CVE-2025-58200
Cross-Site Request Forgery CSRF vulnerability in Bage Flexible FAQ flexible-faq allows Cross Site Request Forgery.This issue affects Flexible FAQ: from n/a through = 0.2...
CVE-2025-53219
CVE-2025-53219 is a CSRF vulnerability in WordPress WP-Database-Optimizer-Tools (versions up to 0.2). The issue allows Cross Site Request Forgery by authenticated users; impact is described as I: LOW, A: LOW, with UI interaction required and network/low complexity. The affected plugin is WP-Datab...
CVE-2025-8688 Inline Stock Quotes <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via stock Shortcode
The Inline Stock Quotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress Justrows Free plugin <= 0.2 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin JustRows free versions = 0.2...