486 matches found
WordPress GDPR Cookie Compliance plugin < 4.15.7 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin GDPR Cookie Compliance versions 4.15.7...
WordPress AI Power: Complete AI Pack plugin <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_prompts vulnerability
Authenticated Admin+ PHP Object Injection via wpaicgexportprompts vulnerability discovered by Tran Anh Duc in WordPress Plugin GPT3 AI Content Writer versions = 1.8.96...
WordPress Polls CP plugin <= 1.0.75 - Admin+ Stored XSS via Custom Styles vulnerability
Admin+ Stored XSS via Custom Styles vulnerability discovered by Bob Matyas in WordPress Plugin CP Polls versions = 1.0.75...
WordPress Email Subscribers plugin < 5.7.45 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Email Subscribers & Newsletters versions 5.7.45...
CVE-2025-67349
A cross-site scripting XSS vulnerability was identified in FluentCMS 1.2.3. After logging in as an admin and navigating to the "Add Page" function, the application fails to properly sanitize input in the section, allowing remote attackers to inject arbitrary script tags...
CVE-2022-50680 Kentico Xperience <= 13.0.92 Email Marketing Stored XSS
A stored cross-site scripting vulnerability in Kentico Xperience allows administration users to inject malicious scripts via email marketing templates. Attackers can exploit this vulnerability to execute malicious scripts that could compromise user browsers and steal sensitive information...
EUVD-2023-60200
Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute...
PT-2025-51199
The URL Shortify WordPress plugin before 1.11.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-58313
CVE-2024-58313 affects xbtitFM 4.1.18 and describes an insecure file upload in the file_hosting feature. The root cause is a bypass of file-type checks through Content-Type header manipulation (image/gif), GIF89a bytes, and alternate PHP tags, enabling authenticated attackers with administrative ...
PT-2025-50745
Name of the Vulnerable Software and Affected Versions Flatboard version 3.2 Description An authenticated administrator can inject malicious scripts in forum information fields, leading to a stored cross-site scripting issue. Attackers can insert JavaScript payloads that execute when other users...
CVE-2025-13071 Custom Admin Menu <= 1.0.0 - Reflected XSS
The Custom Admin Menu WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
PT-2025-48714
dcat-admin v2.2.3-beta and before is vulnerable to file inclusion in admin/src/Extend/VersionManager.php...
EUVD-2025-198432
The WP Delete Post Copies plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2025-12184 MeetingList <= 0.11 - Authenticated (Admin+) Stored Cross-Site Scripting
The MeetingList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2025-12136
CVE-2025-12136 affects the WordPress plugin “Real Cookie Banner: GDPR & ePrivacy Cookie Consent”. Wordfence and related sources describe a Server-Side Request Forgery (SSRF) vulnerability in all versions up to and including 5.2.4, caused by insufficient validation of the user-supplied URL in the ...
EUVD-2025-35662
QuickCMS is vulnerable to multiple Stored XSS in page editor functionality pages-form. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. By default admin user is not able to add JavaScript into the...
CVE-2025-11926
The Related Posts Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissio...
EUVD-2025-33276
A vulnerability was found in code-projects Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/votersadd.php. The manipulation of the argument Firstname/Lastname/Platform results in cross site scripting. The attack can be executed remotely. The exploit has...
CVE-2025-11417
A weakness has been identified in Campcodes Advanced Online Voting Management System 1.0. This vulnerability affects unknown code of the file /admin/votersadd.php. Executing manipulation of the argument photo can lead to unrestricted upload. The attack can be launched remotely. The exploit has be...
EUVD-2019-3992
Malware in sbrugna...