18 matches found
CVE-2025-14797
The Same Category Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget title placeholder functionality in all versions up to, and including, 1.1.19. This is due to the use of htmlspecialchars_decode() on taxonomy term names before output, which decodes HTML entities...
CVE-2025-14797
The Same Category Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget title placeholder functionality in all versions up to, and including, 1.1.19. This is due to the use of htmlspecialchars_decode() on taxonomy term names before output, which decodes HTML entities...
CVE-2025-14797
The Same Category Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget title placeholder functionality in all versions up to, and including, 1.1.19. This is due to the use of htmlspecialchars_decode() on taxonomy term names before output, which decodes HTML entities...
CVE-2025-14797
CVE-2025-14797 is a Stored Cross-Site Scripting (Stored XSS) vulnerability in the WordPress plugin “Same Category Posts” (
CVE-2025-14797 Same Category Posts <= 1.1.19 - Authenticated (Author+) Stored Cross-Site Scripting via Widget Title Placeholder
The Same Category Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget title placeholder functionality in all versions up to, and including, 1.1.19. This is due to the use of htmlspecialchars_decode() on taxonomy term names before output, which decodes HTML entities...
CVE-2025-14797 Same Category Posts <= 1.1.19 - Authenticated (Author+) Stored Cross-Site Scripting via Widget Title Placeholder
The Same Category Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget title placeholder functionality in all versions up to, and including, 1.1.19. This is due to the use of htmlspecialchars_decode() on taxonomy term names before output, which decodes HTML entities...
WordPress Same Category Posts plugin <= 1.1.19 - Authenticated (Author+) Stored Cross-Site Scripting via Widget Title Placeholder vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via Widget Title Placeholder vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Same Category Posts versions <= 1.1.19...
PT-2026-4570
The Same Category Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget title placeholder functionality in all versions up to, and including, 1.1.19. This is due to the use of htmlspecialchars_decode() on taxonomy term names before output, which decodes HTML entitie...
PT-2024-17943 · Themeisle · Orbit Fox
Name of the Vulnerable Software and Affected Versions: The Orbit Fox by ThemeIsle plugin for WordPress versions up to, and including, 2.10.30 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Post Type Grid Widget Title due to insufficient input sanitization and...
Debian: Security Advisory (DLA-294-1)
The remote host is missing an update for the Debian...
GHSA-46RX-6JG9-4FH8 Cross-site Scripting in LibreNMS
LibreNMS through 21.10.2 allows XSS via a widget title...
CVE-2021-43324
CVE-2021-43324 affects LibreNMS up to version 21.10.2, where a lack of sanitization in the widget title allows cross-site scripting (XSS) in the web UI. The vulnerability enables injection of malicious script into widget titles, with the exploit details not provided in the supplied documents. Sev...
xwiki-platform code injection vulnerability
xwiki-platform is an open source application by Thomas Mortagne: a general-purpose wiki platform that provides runtime services for applications built on it. A code injection vulnerability exists in xwiki-platform, which stems from the fact that a user without programming privileg...
Video on Admin Dashboard < 1.1.4 - Authenticated Stored XSS
Video on Admin Dashboard is vulnerable to stored XSS. When a user has admin capabilities, malicious code can be submitted through the plugin's options. A user can insert a simple script in the Widget Title text field, e.g. "alert('XSS');". Every user role specified by the plugin will now be targeted...
CVE-2015-5732
Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a widget title...
DEBIAN-CVE-2015-5732
Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a widget title...
DLA-294-1 wordpress - security update
Bulletin has no description...
WordPress <= 4.2.3 - XSS #2
This vulnerability exists in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in the "form" function. It allows remote attackers to inject arbitrary web script or HTML via a widget title. Related records: http://db.threatpress.com/vulnerability/wordpress/wordpress-4-2-3-xss Solution...