6 matches found
CVE-2025-1524
The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
EUVD-2023-54240
Malicious code in bioql PyPI...
CVE-2023-37065
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the session category management section...
PT-2025-21428 · WordPress · Prisna Gwt Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Prisna GWT WordPress plugin versions prior to 1.4.14. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible even when the unfiltered_html capability is disallowed,...
PT-2025-21411 · WordPress · Wp Google Review Slider
Name of the Vulnerable Software and Affected Versions: WP Google Review Slider versions prior to 15.6. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered_html capability is disallowed, for...
CVE-2024-9638 Category Posts Widget < 4.9.18 - Admin+ Stored XSS
The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...