3 matches found
WordPress Markup Markdown plugin < 3.20.10 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Markup Markdown versions 3.20.10...
CVE-2025-9541
The Markup Markdown WordPress plugin before 3.20.10 allows links to contain JavaScript which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2025-9540
CVE-2025-9540 affects the WordPress plugin Markup Markdown up to version 3.20.9. The issue allows links to contain JavaScript, enabling Stored XSS for users with the Contributor role or higher. The CVSS 3.1 base score is 4.7 (Impact/Integrity/Availability Low). A fix is available in version 3.20....