39 matches found
PT-2026-3228
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping. This makes it...
EUVD-2025-202961
The Simple post listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'classname' parameter in the postlist shortcode in all versions up to, and including, 0.2. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes i...
CVE-2025-12650 Simple post listing <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Simple post listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'classname' parameter in the postlist shortcode in all versions up to, and including, 0.2. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes i...
CVE-2025-12650 Simple post listing <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Simple post listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'classname' parameter in the postlist shortcode in all versions up to, and including, 0.2. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes i...
CVE-2025-12650
CVE-2025-12650 corresponds to a stored cross-site scripting vulnerability in the WordPress plugin “Simple post listing.” The Wordfence report details that all versions up to and including 0.2 are affected due to insufficient input sanitization and output escaping on user-supplied attributes. The ...
WordPress plugin Simple post listing 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-50806
The Simple post listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class name' parameter in the postlist shortcode in all versions up to, and including, 0.2. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes ...
CVE-2025-10782
A security flaw has been discovered in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/class.php. Performing manipulation of the argument classname results in sql injection. The attack is possible to be carried out remotely. The exploit has been...
CVE-2025-10782 Campcodes Online Learning Management System class.php sql injection
A security flaw has been discovered in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/class.php. Performing manipulation of the argument classname results in sql injection. The attack is possible to be carried out remotely. The exploit has been...
CVE-2025-10782
Campcodes Online Learning Management System 1.0 is affected by a SQL injection in /admin/class.php via manipulation of the class_name parameter. The issue is a remote vulnerability and the exploit has been released publicly. Root cause: improper handling of the class_name argument in an unknown f...
CVE-2025-10781
A vulnerability was identified in Campcodes Online Learning Management System 1.0. This impacts an unknown function of the file /admin/editclass.php. Such manipulation of the argument classname leads to sql injection. The attack can be executed remotely. The exploit is publicly available and migh...
CVE-2025-10781 Campcodes Online Learning Management System edit_class.php sql injection
A vulnerability was identified in Campcodes Online Learning Management System 1.0. This impacts an unknown function of the file /admin/editclass.php. Such manipulation of the argument classname leads to sql injection. The attack can be executed remotely. The exploit is publicly available and migh...
Campcodes Online Learning Management System 安全漏洞
CampCodes Online Learning Management System is an online learning management system from CampCodes Philippines, Inc. A security vulnerability exists in Campcodes Online Learning Management System version 1.0, which stems from an incorrect manipulation of the parameter classname in the file...
CVE-2025-6255 Dynamic AJAX Product Filters for WooCommerce <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter
The Dynamic AJAX Product Filters for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-5940
The Osom Blocks – Custom Post Type listing block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘classname’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
WordPress plugin Osom Blocks 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...
CVE-2025-5723
A vulnerability was found in SourceCodester Student Result Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /script/academic/classes of the component Classes Page. The manipulation of the argument Class Name leads to cross site scripting...
SourceCodester Student Result Management System 代码注入漏洞
SourceCodester Student Result Management System is a SourceCodester open source student result management system . A code injection vulnerability exists in SourceCodester Student Result Management System version 1.0, which originates from cross-site scripting due to incorrect manipulation of the...
WordPress plugin OpenSheetMusicDisplay 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2024-50840
A Stored Cross-Site Scripting XSS vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the classname parameter...