25 matches found
CVE-2026-5077 Total <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title in Blog Section Image alt Attribute
The Total theme for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in versions up to, and including, 2.2.1 due to insufficient output escaping when rendering the title inside HTML attribute context in the home blog section template. This makes it possible for authenticated...
CVE-2026-5428
The CVE concerns the Royal Elementor Addons for WordPress (Image Grid/Slider/Carousel widget) with versions ≤ 1.7.1056. The root cause is insufficient output escaping in render_post_thumbnail(), where wp_kses_post() is used for the alt attribute context instead of escaping, enabling Stored Cross-...
GHSA-5MQ8-78GM-PJMQ defuddle vulnerable to XSS via unescaped string interpolation in _findContentBySchemaText image tag
Summary The findContentBySchemaText method in src/defuddle.ts interpolates image src and alt attributes directly into an HTML string without escaping: typescript html += ; An attacker can use a " in the alt attribute to break out of the attribute context and inject event handlers. This is a...
CVE-2026-2362
The WP Accessibility plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the 'alt' attribute of images processed by the "Long Description UI" feature in all versions up to, and including, 2.3.1. This is due to the plugin's JavaScript retrieving the alt attribute using...
CVE-2026-2362
CVE-2026-2362 affects the WP Accessibility plugin for WordPress (versions
CVE-2026-2362 WP Accessibility <= 2.3.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via 'alt' Attribute
The WP Accessibility plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the 'alt' attribute of images processed by the "Long Description UI" feature in all versions up to, and including, 2.3.1. This is due to the plugin's JavaScript retrieving the alt attribute using...
PT-2026-22318
The WP Accessibility plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the 'alt' attribute of images processed by the "Long Description UI" feature in all versions up to, and including, 2.3.1. This is due to the plugin's JavaScript retrieving the alt attribute using...
WordPress WP Accessibility plugin <= 2.3.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via 'alt' Attribute vulnerability
Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via 'alt' Attribute vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin WP Accessibility versions <= 2.3.1...
EUVD-2021-24828
Malware in sbrugna...
WordPress Plugin WP Chat App Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2023-27455
CVE-2023-27455 is an unauthenticated, reflected XSS in the WordPress plugin “Update Image Tag Alt Attribute” up to version 2.4.5. Public references confirm the vulnerability affects this plugin and versions ≤ 2.4.5, with a CVSS base score around 6.1 (NVD) and higher in PatchStack data. The issue ...
CVE-2023-27455 WordPress Update Image Tag Alt Attribute Plugin <= 2.4.5 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maui Marketing Update Image Tag Alt Attribute plugin <= 2.4.5 versions...
WordPress Update Image Tag Alt Attribute Plugin <= 2.4.5 is vulnerable to Cross Site Scripting (XSS)
Software: Update Image Tag Alt Attribute; Type: Plugin; Vulnerable versions: <= 2.4.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-27455; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: ba6000222dd7; Credits...
Update Image Tag Alt Attribute <= 2.4.5 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress Update Image Tag Alt Attribute Plugin <= 2.4.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Update Image Tag Alt Attribute; Type: Plugin; Vulnerable versions: <= 2.4.5; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-47150; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 06d58607dd7f; Credits: István...
Jenkins Cross-Site Scripting Vulnerability
Jenkins is an open source application from Jenkins. It is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins suffers from a cross-site scripting vulnerability that stems from the title attribute and alt attribute not being...
WordPress "Bulk Auto Image Alt Text (Alt tag, Alt attribute) optimization (image SEO) + Woocommerce" plugin < 1.4.5.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress "Bulk Auto Image Alt Text (Alt tag, Alt attribute) optimization (image SEO) + Woocommerce" plugin versions < 1.4.5.0. Solution: Update the WordPress "Bulk Auto Image Alt Text (Alt tag, Alt attribute) optimization (image SEO) + Woocommerc...
CVE-2021-38375
OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail message...