5 matches found
PT-2025-1941 · WordPress · Bu Section Editing Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: BU Section Editing WordPress plugin versions 0.9.9 and earlier
Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitised and escaped before being outputted back in the page. Thi...
PT-2025-1940 · WordPress · Aklamator Infeed
Name of the Vulnerable Software and Affected Versions: Aklamator INfeed WordPress plugin versions through 2.0.0
Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitised and escaped before being outputted back in the page. This coul...
CVE-2024-6019
The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators...
CVE-2024-3048
The Bannerlid WordPress plugin through 1.1.0 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators...
CVE-2023-4142
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '-cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin...