Patchstack · added 2026/02/07 12:07 a.m.

WordPress The Bucketlister plugin <= 0.1.5 - Authenticated (Contributor+) SQL Injection via `category` and `id` Shortcode Attributes vulnerability

Authenticated (Contributor+) SQL Injection via `category` and `id` Shortcode Attributes vulnerability discovered by Ivan Cese in WordPress Plugin The Bucketlister versions <= 0.1.5...

CVSS 6.5 · AI score 5.7 · EPSS 0.00217 · Exploits 0 · References 1 · Affected software 1

OSV · added 2026/02/06 7:35 p.m.

GHSA-W67G-2H6V-VJGQ Phlex XSS protection bypass via attribute splatting, dynamic tags, and href values

Impact: During a security audit conducted with Claude Opus 4.6 and GPT-5.3-Codex, we identified three specific ways to bypass the XSS (cross-site scripting) protection built into Phlex. 1. The first bypass could happen if user-provided attributes with string keys were splatted into an HTML tag, e.g...

CVSS 7.1 · AI score 5.5 · Exploits 0 · References 7

Github Security Blog · added 2026/02/06 7:35 p.m.

Phlex XSS protection bypass via attribute splatting, dynamic tags, and href values

Impact: During a security audit conducted with Claude Opus 4.6 and GPT-5.3-Codex, we identified three specific ways to bypass the XSS (cross-site scripting) protection built into Phlex. 1. The first bypass could happen if user-provided attributes with string keys were splatted into an HTML tag, e.g...

AI score 5.4 · Exploits 0 · References 7 · Affected software 1

OSV · added 2026/02/06 6:53 p.m.

CVE-2026-25650 MCP Salesforce Connector has arbitrary attribute access which leads to disclosure of Salesforce auth token

MCP Salesforce Connector is a Model Context Protocol (MCP) server implementation for Salesforce integration. Prior to 0.1.10, arbitrary attribute access leads to disclosure of the Salesforce auth token. This vulnerability is fixed in 0.1.10...

CVSS 8.7 · AI score 5.5 · EPSS 0.00409 · Exploits 0 · References 5

Cvelist · added 2026/02/06 6:53 p.m.

CVE-2026-25650 MCP Salesforce Connector has arbitrary attribute access which leads to disclosure of Salesforce auth token

MCP Salesforce Connector is a Model Context Protocol (MCP) server implementation for Salesforce integration. Prior to 0.1.10, arbitrary attribute access leads to disclosure of the Salesforce auth token. This vulnerability is fixed in 0.1.10...

CVSS 8.7 · EPSS 0.00409 · Exploits 0 · References 3

CVE · added 2026/02/06 6:53 p.m.

CVE-2026-25650

CVE-2026-25650 concerns MCP Salesforce Connector (Model Context Protocol) prior to version 0.1.10. An arbitrary attribute access flaw allows disclosure of Salesforce OAuth bearer tokens used by MCP-Salesforce. Multiple sources (Red Hat, NVD, CVE lists, advisories) confirm the issue and that it is...

CVSS 8.7 · AI score 5.5 · EPSS 0.00409 · Exploits 0 · References 3 · Affected software 1

Vulnrichment · added 2026/02/06 6:53 p.m.

CVE-2026-25650 MCP Salesforce Connector has arbitrary attribute access which leads to disclosure of Salesforce auth token

MCP Salesforce Connector is a Model Context Protocol (MCP) server implementation for Salesforce integration. Prior to 0.1.10, arbitrary attribute access leads to disclosure of the Salesforce auth token. This vulnerability is fixed in 0.1.10...

CVSS 8.7 · AI score 5.7 · EPSS 0.00409 · Exploits 0 · References 3

Snyk · added 2026/02/06 6:52 p.m.

Information Exposure

Overview: mcp-salesforce-connector is a Model Context Protocol (MCP) server implementation for Salesforce integration. Affected versions of this package are vulnerable to Information Exposure due to arbitrary attribute access. An attacker can obtain sensitive bearer tokens by accessing arbitrary...

CVSS 8.7 · AI score 5.8 · EPSS 0.00409 · Exploits 0 · References 2

Github Security Blog · added 2026/02/06 6:52 p.m.

MCP-Salesforce's arbitrary attribute access leads to disclosure of Salesforce auth token

Impact: Disclosure of Salesforce OAuth bearer tokens used by the MCP. Patches: fix applied in 0.1.10. Workarounds: Rotate any Salesforce tokens/credentials used by MCP-Salesforce...

CVSS 8.7 · AI score 5.3 · EPSS 0.00409 · Exploits 0 · References 5 · Affected software 1

Cvelist · added 2026/02/06 11:21 a.m.

CVE-2026-1293 Yoast SEO <= 26.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'yoast-schema' Block Attribute

The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the yoast-schema block attribute in all versions up to, and including, 26.8 due to insufficient input sanitization and output escaping. This makes it...

CVSS 6.4 · EPSS 0.00188 · Exploits 0 · References 4

GithubExploit · added 2026/02/06 8:43 a.m.

XSS-Lab-Handson-3-TI-WEB2

Name: Ronald Saut Manurung; Student ID (NIM): 2481022; Study program: Tekni...

AI score 5.2 · Exploits 0

Vulnrichment · added 2026/02/06 7:24 a.m.

CVE-2026-1279 Employee Directory <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_title' Shortcode Attribute

The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formtitle' parameter in the searchemployeedirectory shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4 · AI score 5.6 · EPSS 0.00235 · Exploits 0 · References 5

NVD · added 2026/02/06 7:16 a.m.

CVE-2026-1909

The WaveSurfer-WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's audio shortcode in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping on the 'src' attribute. This makes it possible for authenticated attackers,...

CVSS 6.4 · EPSS 0.00235 · Exploits 0 · References 4

Cvelist · added 2026/02/06 6:46 a.m.

CVE-2026-1909 WaveSurfer-WP <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'src' Shortcode Attribute

The WaveSurfer-WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's audio shortcode in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping on the 'src' attribute. This makes it possible for authenticated attackers,...

CVSS 6.4 · EPSS 0.00235 · Exploits 0 · References 4

CVE · added 2026/02/06 6:46 a.m.

CVE-2026-1909

The WaveSurfer-WP WordPress plugin is affected by a Stored Cross-Site Scripting (XSS) flaw in all versions up to and including 2.8.3, caused by insufficient input sanitization and output escaping on the 'src' attribute of the audio shortcode. Authenticated attackers with Contributor-level access ...

CVSS 6.4 · AI score 5.6 · EPSS 0.00235 · Exploits 0 · References 4

CVE · added 2026/02/06 6:46 a.m.

CVE-2026-1808

The CVE-2026-1808 entry concerns the Orange Confort+ accessibility toolbar for WordPress plugin. It is vulnerable to Stored Cross-Site Scripting via the style parameter of the ocplus_button shortcode in all versions up to 0.7 due to insufficient input sanitization and output escaping. Exploitatio...

CVSS 6.4 · AI score 5.6 · EPSS 0.00235 · Exploits 0 · References 4

ATTACKERKB · added 2026/02/06 2:23 a.m.

CVE-2026-1228

The Timeline Block – Beautiful Timeline Builder for WordPress Vertical & Horizontal Timelines plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.3 via the tlgbshortcode function due to missing validation on a user controlled key. This...

CVSS 4.3 · AI score 5.4 · EPSS 0.00178 · Exploits 0 · References 3

Vulnrichment · added 2026/02/06 2:23 a.m.

CVE-2026-1228 Timeline Block <= 1.3.3 - Insecure Direct Object Reference to Authenticated (Author+) Private Timeline Exposure via Shortcode Attribute

The Timeline Block – Beautiful Timeline Builder for WordPress Vertical & Horizontal Timelines plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.3 via the tlgbshortcode function due to missing validation on a user controlled key. This...

CVSS 4.3 · AI score 5.4 · EPSS 0.00178 · Exploits 0 · References 2

Patchstack · added 2026/02/06 12:43 a.m.

WordPress Yoast SEO plugin <= 26.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'yoast-schema' Block Attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via 'yoast-schema' Block Attribute vulnerability discovered by dragonzenai - AhnLab in WordPress Plugin Yoast SEO versions <= 26.8...

CVSS 6.4 · AI score 5.3 · EPSS 0.00188 · Exploits 0 · References 1 · Affected software 1

Patchstack · added 2026/02/06 12:23 a.m.

WordPress Timeline Block plugin <= 1.3.3 - Insecure Direct Object Reference to Authenticated (Author+) Private Timeline Exposure via Shortcode Attribute vulnerability

Insecure Direct Object Reference to Authenticated (Author+) Private Timeline Exposure via Shortcode Attribute vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Timeline Block versions <= 1.3.3...

CVSS 4.3 · AI score 5.4 · EPSS 0.00178 · Exploits 0 · References 1 · Affected software 1