11 matches found
CVE-2026-7430
The Post Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.0.19. This is due to insufficient output escaping of imported snippet content when rendering JavaScript variables in the post editor. Specifically, the jqueryUiDialog method...
CVE-2026-7430
The CVE-2026-7430 affects the Post Snippets WordPress plugin (versions up to and including 4.0.19). The root cause is insufficient output escaping when importing snippets, where content is embedded directly into JavaScript strings in WPEditor.php (jqueryUiDialog) and bypasses wp_magic_quotes(), e...
WordPress Post Snippets – Custom WordPress Code Snippets Customizer plugin <= 4.0.19 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability discovered by a1batr0ss in WordPress Plugin Post Snippets versions <= 4.0.19...
CMP WordPress < 4.0.19 - Broken Access Control
CMP WordPress plugin 4.0.19 contains an arbitrary page layout change caused by insufficient access control in the coming soon page feature, letting unauthenticated users modify the layout. Exploitation requires no authentication. id: CVE-2022-0188 info: name: CMP WordPress 4.0.19 - Broken Access Contr...
PT-2025-33905 · Themegrill +1 · Themegrill-Demo-Importer +1
Name of the Vulnerable Software and Affected Versions: ColorMag versions prior to 4.0.20 Description: The ColorMag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the welcome notice import handler function. This allows authenticated...
WordPress ColorMag plugin <= 4.0.19 - Missing Authorization to Authenticated (Subscriber+) ThemeGrill Demo Importer Plugin Installation vulnerability
Missing Authorization to Authenticated (Subscriber+) ThemeGrill Demo Importer Plugin Installation vulnerability discovered by Dmitrii Ignatyev in WordPress Theme ColorMag versions <= 4.0.19...
WordPress ColorMag Theme <= 4.0.19 is vulnerable to Broken Access Control
Software: ColorMag; Type: Theme; Vulnerable versions: <= 4.0.19; Fixed in: 4.0.20; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2025-9202; Patch priority: Low; CVSS severity: Low (4.3); PSID: 43bacb806b7e; Credits: Dmitrii Ignatyev; Required privilege...
WordPress and WordPress plugin access control error vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. An authorization vulnerability exists in WordPress CMP plugin versions prior to 4.0.19; the vulnerability stems from the...
WordPress CMP – Coming Soon & Maintenance plugin <= 4.0.18 - Unauthenticated Arbitrary CSS Update vulnerability
Unauthenticated Arbitrary CSS Update vulnerability discovered by Krzysztof Zając in WordPress CMP – Coming Soon & Maintenance plugin versions <= 4.0.18. Solution: Update the WordPress CMP – Coming Soon & Maintenance plugin to the latest available version (at least 4.0.19)...
TerraMaster FS-210 Elevation of Privilege Vulnerability
TerraMaster FS-210 is a NAS (Network Attached Storage) device from TerraMaster, a company based in Shenzhen, China. An elevation of privilege vulnerability exists in TerraMaster FS-210 version 4.0.19, which can be exploited to elevate privileges with the help of the 1.user.php file...
WordPress 4.0.x < 4.0.19 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A flaw in $wpdb->prepare can create unsafe queries leading to potential SQL injection flaws with plugins and themes. - Multiple cross-site scripting (XSS) vulnerabilities...