CVE-2025-68525 WordPress Category Icon plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pixelgrade Category Icon category-icon allows Stored XSS.This issue affects Category Icon: from n/a through = 1.0.2...

CVE-2024-8915

The Category Icon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, ...

WordPress Category Icon plugin <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Category Icon versions = 1.0.0...

WordPress Category Icon Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Category Icon Type Plugin Vulnerable versions = 1.0.0 Fixed in 1.0.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8915 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 0f4c7d2ae8cd Credits Francesco Carlucci Require...

PT-2024-39316 · WordPress · Category Icon

Name of the Vulnerable Software and Affected Versions: Category Icon plugin for WordPress versions up to, and including, 1.0.0 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticate...