9 matches found
CVE-2026-4081
The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the zemstl shortcode in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'url', 'color', and 'bgcolor'...
CVE-2026-4081
The CVE concerns the ZeM STL plugin for WordPress, affected in all versions up to 1.0. The vulnerability is a Stored Cross-Site Scripting (XSS) via the [zemstl] shortcode caused by insufficient input sanitization and output escaping of user-supplied shortcode attributes, specifically 'url' , 'col...
CVE-2026-4081 ZeM STL <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the zemstl shortcode in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'url', 'color', and 'bgcolor'...
CVE-2026-4081
The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the zemstl shortcode in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'url', 'color', and 'bgcolor'...
EUVD-2026-33885
The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the zemstl shortcode in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'url', 'color', and 'bgcolor'...
CVE-2026-4081 ZeM STL <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the zemstl shortcode in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'url', 'color', and 'bgcolor'...
PT-2026-45708
Name of the Vulnerable Software and Affected Versions ZeM STL plugin for WordPress versions prior to 1.1 Description Stored Cross-Site Scripting is possible via the zemstl shortcode due to insufficient input sanitization and output escaping of user-supplied attributes. Specifically, the url, colo...
WordPress plugin ZeM STL 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress ZeM STL plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin ZeM STL versions = 1.0...