3 matches found
CVE-2026-3534 Astra <= 4.12.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta
The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ast-page-background-meta and ast-content-background-meta post meta fields in all versions up to, and including, 4.12.3. This is due to insufficient input sanitization on meta registration and missing output escapin...
CVE-2025-24549 WordPress Post Meta plugin <= 1.0.9 - Reflected Cross Site Scripting (XSS) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Mahbubur Rahman Post Meta post-meta allows Reflected XSS.This issue affects Post Meta: from n/a through = 1.0.9...
WordPress Post Meta Data Manager Plugin <= 1.2.0 is vulnerable to Broken Access Control
Software Post Meta Data Manager Type Plugin Vulnerable versions = 1.2.0 Fixed in 1.2.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-5426 Patch priority Medium CVSS severity Medium 7.5 Developer Claim ownership PSID a003d34ca1b2 Credits Francesco Carlucc...