90 matches found
WordPress Accordions - Unauthenticated Settings Update
Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin = 2.0.2 at WordPress. id: CVE-2022-33198 info: name: WordPress Accordions - Unauthenticated Settings Update author: riteshs4hu severity: critical description: | Unauthenticated WordPress Options Change...
CVE-2026-10862
The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion body field in all versions up to, and including, 2.3.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access and...
CVE-2026-10862 Accordions <= 2.3.23 - Authenticated (Custom+) Stored Cross-Site Scripting via Accordion Body Field
The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion body field in all versions up to, and including, 2.3.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access and...
CVE-2026-10862
CVE-2026-10862 affects the WordPress plugin Accordions (versions up to and including 2.3.23). The root cause is insufficient input sanitization and output escaping in the Accordion body field, enabling authenticated attackers with Custom-level access or higher to perform Stored Cross-Site Scripti...
EUVD-2026-35290
The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion body field in all versions up to, and including, 2.3.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access and...
CVE-2026-10862
The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion body field in all versions up to, and including, 2.3.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access and...
CVE-2026-10862 Accordions <= 2.3.23 - Authenticated (Custom+) Stored Cross-Site Scripting via Accordion Body Field
The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion body field in all versions up to, and including, 2.3.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access and...
PT-2026-47629
The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion body field in all versions up to, and including, 2.3.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access and...
WordPress plugin Accordions 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress Squelch Tabs and Accordions Shortcodes plugin <= 0.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via accordions Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via accordions Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Squelch Tabs and Accordions Shortcodes versions = 0.4.3...
EUVD-2022-36242
Malicious code in bioql PyPI...
EUVD-2022-40706
Malicious code in bioql PyPI...
EUVD-2022-48003
Malicious code in bioql PyPI...
EUVD-2025-15475
Malicious code in bioql PyPI...
EUVD-2025-15474
Malicious code in bioql PyPI...
EUVD-2024-36445
Malicious code in bioql PyPI...
CVE-2024-5946
The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tab’ shortcode in all versions up to, and including, 0.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-37122
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Biplob Adhikari Accordions allows Stored XSS.This issue affects Accordions: from n/a through 2.3.5...
CVE-2025-31923
Missing Authorization vulnerability in QuanticaLabs CSS3 Accordions for WordPress css3accordions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CSS3 Accordions for WordPress: from n/a through = 3.0...
CVE-2025-31922
Cross-Site Request Forgery CSRF vulnerability in QuanticaLabs CSS3 Accordions for WordPress css3accordions allows Stored XSS.This issue affects CSS3 Accordions for WordPress: from n/a through = 3.0...