25 matches found
CVE-2025-12964
The Magical Products Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpdpr_title_tag' and 'mpdpr_subtitle_tag' parameters in the MPD Pricing Table widget in all versions up to, and including, 1.1.29 due to insufficient input sanitization and output escaping on...
CVE-2025-12964 Magical Products Display <= 1.1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via MPD Pricing Table Widget
The Magical Products Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpdpr_title_tag' and 'mpdpr_subtitle_tag' parameters in the MPD Pricing Table widget in all versions up to, and including, 1.1.29 due to insufficient input sanitization and output escaping on...
CVE-2025-12964
CVE-2025-12964: The WordPress plugin Magical Products Display (MPD Pricing Table widget) is vulnerable to Stored XSS in all versions up to 1.1.29 due to insufficient input sanitization and output escaping of user-supplied HTML tag names in the mpdpr_title_tag and mpdpr_subtitle_tag parameters. E...
WordPress plugin Magical Products Display cross-site scripting vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exist...
PT-2025-47715
The Magical Products Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpdpr_title_tag' and 'mpdpr_subtitle_tag' parameters in the MPD Pricing Table widget in all versions up to, and including, 1.1.29 due to insufficient input sanitization and output escaping on...
WordPress Magical Products Display plugin <= 1.1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via MPD Pricing Table Widget vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via MPD Pricing Table Widget vulnerability discovered by Abu Hurayra (HurayraIIT) in WordPress Plugin Magical Products Display versions <= 1.1.29...
WordPress plugin Contact Form Plugin security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Fana Theme <= 1.1.28 is vulnerable to Local File Inclusion
Software: Fana; Type: Theme; Vulnerable versions: <= 1.1.28; Fixed in: 1.1.29; OWASP Top 10: A4: Insecure Design; Classification: Local File Inclusion; CVE: CVE-2025-49251; Patch priority: High; CVSS severity: High (8.1); PSID: ee30ced0791e; Credits: Phat RiO - BlueRock; Required privilege...
CVE-2024-3984
The EmbedSocial – Social Media Feeds, Reviews and Galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedsocialreviews' shortcode in all versions up to, and including, 1.1.29 due to insufficient input sanitization and output escaping on user supplied...
WordPress EmbedSocial plugin <= 1.1.29 - Authenticated Stored Cross-Site Scripting vulnerability
Authenticated Stored Cross-Site Scripting vulnerability discovered by Krzysztof Zając in WordPress Plugin EmbedSocial versions <= 1.1.29...
WordPress plugin Popup Builder cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-25982 · Ghozylab · Popup Builder
Name of the Vulnerable Software and Affected Versions: GhozyLab, Inc. Popup Builder versions 1.1.29 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. There is a...
WordPress CityLogic theme <= 1.1.29 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Theme CityLogic versions <= 1.1.29...
SyncTrayzor Security Vulnerability
SyncTrayzor is a small tray utility for Syncthing on Windows. A security vulnerability exists in SyncTrayzor version 1.1.29 that stems from enabling CEF remote debugging, allowing a local attacker to take control of the application...
PT-2023-12619 · Unknown +1 · Synctrayzor +1
Name of the Vulnerable Software and Affected Versions: SyncTrayzor version 1.1.29. Description: The issue allows a local attacker to control the application due to the enabled CEF (Chromium Embedded Framework) remote debugging. Recommendations: For SyncTrayzor version 1.1.29, consider disabling the...
Yii Security Vulnerabilities
Yii is a component-based, high-performance PHP framework for developing large-scale web applications developed by the YII team. A security vulnerability exists in Yii versions prior to 1.1.29, which stems from vulnerability to Remote Code Execution (RCE) attacks and may be exploited by attackers to...
SUSE CVE-2017-5029
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of...
CVE-2023-22456
ViewVC, a browser interface for CVS and Subversion version control repositories, has a cross-site scripting vulnerability that affects versions prior to 1.2.2 and 1.1.29. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository...
WordPress woo-variation-gallery cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. woo-variation-gallery is a plugin for e-commerce sites that adds images to products. A cross-site scripting vulnerability exists in...
WordPress Additional Variation Images for WooCommerce plugin <= 1.1.28 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability found in WordPress Additional Variation Images for WooCommerce plugin versions <= 1.1.28. Solution: Update the WordPress Additional Variation Images for WooCommerce plugin to the latest available version (at least 1.1.29)...