CVE-2026-25351

The CVE-2026-25351 entry concerns the WordPress theme MyMedi (MyMedi) with a Reflected Cross-Site Scripting flaw in MyMedi up to version 1.7.7, caused by improper input neutralization during web page generation. The Wordfence report confirms affected software as MyMedi

WordPress MyMedi theme < 1.7.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme MyMedi versions 1.7.7...

PT-2026-6776

Name of the Vulnerable Software and Affected Versions Lute versions prior to 1.7.7 Description Lute, a structured Markdown engine supporting Go and JavaScript, contains a Stored Cross-Site Scripting XSS issue in its Markdown rendering engine. An attacker can inject malicious JavaScript into...

Grist 安全漏洞

Grist is a modern relational spreadsheet open-sourced by Grist. A security vulnerability exists in Grist versions prior to 1.7.7, which stems from a partial read permission user having access to the full document change history, potentially leading to the disclosure of sensitive information...

WordPress plugin Pagelayer cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...