5 matches found
CVE-2026-6246
The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'containerrightwidth' attribute of the 'simplerandomposts' shortcode in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping on user supplied...
CVE-2026-1754
The personal-authors-category plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-12038
The Folderly plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the /wp-json/folderly/v1/config/clear-all-data REST API endpoint in all versions up to, and including, 0.3. This makes it possible for authenticated attackers, with...
PT-2025-33958 · Jorge Garcia De Bustos · Awstats Script
Name of the Vulnerable Software and Affected Versions: AWStats Script versions n/a through 0.3 Description: An improper neutralization of input during web page generation issue, specifically a Stored Cross-site Scripting XSS flaw, exists in Jorge Garcia de Bustos AWStats Script. This allows for t...
WordPress Webriti Custom Login plugin <= 0.3 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability
CSRF to Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Webriti Custom Login versions = 0.3...