CVE-2025-8398

The azurecurve BBCode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' shortcode in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-8398 azurecurve BBCode <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Shortcode

The azurecurve BBCode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' shortcode in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-8398

CVE-2025-8398 concerns the azurecurve BBCode WordPress plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) via the plugin’s url shortcode in all versions up to and including 2.0.4. It affects authenticated users with contributor-level access and above, enabling injection of scripts t...

CVE-2025-8398 azurecurve BBCode <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Shortcode

The azurecurve BBCode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' shortcode in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

WordPress azurecurve BBCode plugin <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via url Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin azurecurve BBCode versions = 2.0.4...

WordPress plugin azurecurve BBCode 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-37126

The azurecurve BBCode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' shortcode in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

Linux Distros Unpatched Vulnerability : CVE-2012-4230

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the 1 encoding directive and 2 validelements attribute, which allow...

CVE-2024-28234

Contao is an open source content management system. Starting in version 2.0.0 and prior to versions 4.13.40 and 5.3.4, it is possible to inject CSS styles via BBCode in comments. Installations are only affected if BBCode is enabled. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. A...

CVE-2021-29399

XMB is vulnerable to cross-site scripting XSS due to inadequate filtering of BBCode input. This bug affects all versions of XMB. All XMB installations must be updated to versions 1.9.12.03 or 1.9.11.16...

CVE-2021-27279

MyBB before 1.8.25 allows stored XSS via nested email tags with MyCode aka BBCode...

CVE-2019-15120

The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode...

CVE-2025-46479

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DevynCJohnson BBCode Deluxe bbcode-deluxe allows DOM-Based XSS.This issue affects BBCode Deluxe: from n/a through = 2020.08.01.2...

WordPress BBCode Deluxe plugin <= 2020.08.01.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by johska in WordPress Plugin BBCode Deluxe versions = 2020.08.01.2...

CVE-2025-46479

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DevynCJohnson BBCode Deluxe bbcode-deluxe allows DOM-Based XSS.This issue affects BBCode Deluxe: from n/a through = 2020.08.01.2...

CVE-2025-46479

The CVE-2025-46479 entry concerns a DOM-based XSS in the WordPress BBCode Deluxe plugin. Affected versions are BBCode Deluxe up to 2020.08.01.2, with the root cause described as improper input neutralization during web page generation. The CVSS vector provided (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L...

CVE-2025-46479 WordPress BBCode Deluxe plugin <= 2020.08.01.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DevynCJohnson BBCode Deluxe bbcode-deluxe allows DOM-Based XSS.This issue affects BBCode Deluxe: from n/a through = 2020.08.01.2...

CVE-2025-46479 WordPress BBCode Deluxe <= 2020.08.01.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DevynCJohnson BBCode Deluxe allows DOM-Based XSS. This issue affects BBCode Deluxe: from n/a through 2020.08.01.2...

WordPress plugin BBCode Deluxe 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-17793 · Unknown · Bbcode Deluxe

Name of the Vulnerable Software and Affected Versions: BBCode Deluxe versions through 2020.08.01.2 Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This can lead to Cross-site Scripting attacks. Recommendations: For...