9 matches found
CVE-2026-1391
The Vzaar Media Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on the $SERVER'PHPSELF' variable. This makes it possible for unauthenticated attackers to inject...
CVE-2026-1391
The Vzaar Media Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on the $SERVER'PHPSELF' variable. This makes it possible for unauthenticated attackers to inject...
CVE-2026-1391 Vzaar Media Management <= 1.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The Vzaar Media Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on the $SERVER'PHPSELF' variable. This makes it possible for unauthenticated attackers to inject...
CVE-2026-1391 Vzaar Media Management <= 1.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The Vzaar Media Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on the $SERVER'PHPSELF' variable. This makes it possible for unauthenticated attackers to inject...
EUVD-2026-4923
The Vzaar Media Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on the $SERVER'PHPSELF' variable. This makes it possible for unauthenticated attackers to inject...
CVE-2026-1391
CVE-2026-1391 affects the WordPress plugin Vzaar Media Management (versions ≤ 1.2). The vulnerability is a Reflected Cross-Site Scripting flaw caused by insufficient input sanitization and output escaping on the $_SERVER['PHP_SELF'] variable. It enables unauthenticated attackers to inject arbitra...
WordPress Vzaar Media Management plugin <= 1.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Vzaar Media Management versions = 1.2...
PT-2026-5096
The Vzaar Media Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on the $ SERVER'PHP SELF' variable. This makes it possible for unauthenticated attackers to inject...
WordPress plugin Vzaar Media Management has a cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...