20 matches found
CVE-2025-1453
The Category Posts Widget WordPress plugin before 4.9.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2025-1453
The Category Posts Widget WordPress plugin before 4.9.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2025-1453 Category Posts Widget < 4.9.20 - Admin+ Stored XSS
The Category Posts Widget WordPress plugin before 4.9.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2025-1453
CVE-2025-1453 refers to WordPress plugin Category Posts Widget (versions before 4.9.20). The vulnerability arises from insufficient sanitisation/escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). Conn...
WordPress plugin Category Posts Widget security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...
WordPress Category Posts Widget plugin < 4.9.18 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Category Posts Widget versions 4.9.18...
CVE-2024-9638
The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2024-9638
The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2024-9638
CVE-2024-9638 affects Category Posts Widget for WordPress (Category Posts Widget) up to version 4.9.17. The issue is improper sanitization/escaping of widget settings, enabling stored XSS by high-privilege users (e.g., Admin) even when unfiltered_html is disallowed (e.g., multisite). The root cau...
CVE-2024-9638 Category Posts Widget < 4.9.18 - Admin+ Stored XSS
The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2024-9638 Category Posts Widget < 4.9.18 - Admin+ Stored XSS
The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
WordPress plugin Category Posts Widget security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2025-3730 · WordPress · Category Posts Widget
Name of the Vulnerable Software and Affected Versions: Category Posts Widget WordPress plugin versions prior to 4.9.18. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is...
WordPress Category Posts Widget < 4.9.17 - Admin+ Stored XSS vulnerability
WordPress Category Posts Widget 4.9.17 - Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Category Posts Widget versions 4.9.17...
WordPress Category Posts Widget Plugin < 4.9.17 is vulnerable to Cross Site Scripting (XSS)
Software: Category Posts Widget; Type: Plugin; Vulnerable versions: 4.9.17; Fixed in: 4.9.17; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6158; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 321a7aaf8265; Credits: Dmitrii Ignatyev; Required privile...
CVE-2024-6158
The Category Posts Widget WordPress plugin before 4.9.17, term-and-category-based-posts-widget WordPress plugin before 4.9.13 does not validate and escape some of its "Category Posts" widget settings before outputting them back in a page/post where the Widget is embedded, which could allow high...
WordPress plugin Category Posts Widget security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exis...
CVE-2024-6158
The CVE-2024-6158 issue affects two WordPress widgets: Category Posts Widget (plugins) up to version 4.9.17, and Term-and-Category-Based-Posts-Widget up to 4.9.13. Root cause: both fail to validate and escape certain Category Posts widget settings before echoing them in a page/post, enabling stor...
CVE-2024-6158 Category Posts Widget (Free < 4.9.17, Pro < 4.9.13) - Admin+ Stored XSS
The Category Posts Widget WordPress plugin before 4.9.17, term-and-category-based-posts-widget WordPress plugin before 4.9.13 does not validate and escape some of its "Category Posts" widget settings before outputting them back in a page/post where the Widget is embedded, which could allow high...
PT-2024-37420 · WordPress · Category Posts Widget +1
Name of the Vulnerable Software and Affected Versions: Category Posts Widget WordPress plugin versions prior to 4.9.17; term-and-category-based-posts-widget WordPress plugin versions prior to 4.9.13. Description: The issue concerns the failure to validate and escape certain "Category Posts" widget...