15 matches found
CVE-2020-37233
WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the figure parameter in wp:html blocks. Attackers can inject iframe elements with event handlers like...
CVE-2020-37233 WordPress Plugin Buddypress 6.2.0 Persistent Cross-Site Scripting
WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the figure parameter in wp:html blocks. Attackers can inject iframe elements with event handlers like...
WordPress plugin Buddypress cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2025-48315
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stanton119 WordPress HTML custom-html-bodyhead allows Stored XSS. This issue affects WordPress HTML: from n/a through <= 0.51...
CVE-2025-48315
CVE-2025-48315 is a stored XSS vulnerability in the WordPress HTML plugin (versions
CVE-2025-48315 WordPress WordPress HTML plugin <= 0.51 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stanton119 WordPress HTML custom-html-bodyhead allows Stored XSS. This issue affects WordPress HTML: from n/a through <= 0.51...
WordPress plugin WordPress HTML cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-35004
Name of the Vulnerable Software and Affected Versions: stanton119 WordPress HTML versions through 0.51. Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting (XSS). Recommendations: At the moment, there i...
Linux Distros Unpatched Vulnerability : CVE-2024-31211
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - WordPress is an open publishing platform for the Web. Unserialization of instances of the WP_HTML_Token class allows for code execution via its __destruct magic...
WordPress WordPress HTML plugin <= 0.51 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by muhammad yudha (Patchstack Alliance) in WordPress Plugin WordPress HTML (versions <= 0.51)...
CVE-2025-31080
The CVE-2025-31080 entry concerns HTML Forms for WordPress (HTML Forms plugin), with a Stored Cross-Site Scripting vulnerability caused by improper input neutralization during web page generation. Affected versions are HTML Forms: from n/a through 1.5.1. The CVSS 3.1 base metrics indicate a HIGH ...
CVE-2024-56060 WordPress HTML Forms plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms html-forms allows Reflected XSS. This issue affects HTML Forms: from n/a through <= 1.4.1...
WordPress HTML Forms Plugin < 1.3.33 is vulnerable to Cross Site Scripting (XSS)
Software: HTML Forms; Type: Plugin; Vulnerable versions: < 1.3.33; Fixed in: 1.3.33; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6243; Patch priority: Low; CVSS severity: Low (5.9); PSID: 9d51e0c8f019; Credits: Majdeddine Ben Hadj Brahim...
WordPress plugin HTML Forms SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
WordPress HTML Forms plugin <= 1.3.24 - Auth. SQL Injection (SQLi) vulnerability
Auth. SQL Injection (SQLi) vulnerability discovered by Nguyen Duy Quoc Khanh in the WordPress HTML Forms plugin (versions <= 1.3.24). Solution: Update the WordPress HTML Forms plugin to the latest available version (at least 1.3.25)...