26 matches found
CVE-2025-14375
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-14375
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-14375 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.10 - Reflected Cross-Site Scripting via className
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-14375 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.10 - Reflected Cross-Site Scripting via className
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-14375
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-14375
CVE-2025-14375 concerns the WordPress plugin “RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging.” Reports consistently describe a Reflected Cross-Site Scripting vulnerability via the className parameter in versions up to and including 5.0.10, arising from insufficient input ...
EUVD-2025-28448
Malicious code in bioql PyPI...
CVE-2025-6255
The Dynamic AJAX Product Filters for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-6255 Dynamic AJAX Product Filters for WooCommerce <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter
The Dynamic AJAX Product Filters for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-6255
CVE-2025-6255 affects the WordPress plugin Dynamic AJAX Product Filters for WooCommerce . Root cause: insufficient input sanitization and output escaping in the className parameter, enabling Stored Cross‑Site Scripting . Affected versions: all up to and including 1.3.7 . Impact: authenticated att...
PT-2025-34969
Name of the Vulnerable Software and Affected Versions: Dynamic AJAX Product Filters for WooCommerce plugin for WordPress versions prior to 1.3.8 Description: The Dynamic AJAX Product Filters for WooCommerce plugin for WordPress is susceptible to Stored Cross-Site Scripting via the className...
CVE-2025-5754 Useful Tab Block – Responsive & AMP-Compatible <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter
The Useful Tab Block – Responsive & AMP-Compatible plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Pre-School Enrollment System add-class.php File SQL Injection Vulnerability
Pre-School Enrollment System is a web-based preschool enrollment system. The Pre-School Enrollment System suffers from a SQL injection vulnerability that originates from the lack of validation of the classname parameter in the file /admin/add-class.php for externally entered SQL statements. An...
CVE-2025-6320
A vulnerability, which was classified as critical, was found in PHPGurukul Pre-School Enrollment System 1.0. Affected is an unknown function of the file /admin/add-class.php. The manipulation of the argument classname leads to sql injection. It is possible to launch the attack remotely. The explo...
PHPGurukul Pre-School Enrollment System 注入漏洞
Pre-School Enrollment System is a web-based preschool enrollment system. The Pre-School Enrollment System suffers from a SQL injection vulnerability that originates from the lack of validation of the classname parameter in the file /admin/add-class.php for externally entered SQL statements. An...
CVE-2024-3747
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the className parameter in the About Me block in all versions up to, and including, 2.0.39 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PHPGurukul Pre-School Enrollment System 注入漏洞
PHPGurukul Pre-School Enrollment System is a web-based preschool enrollment system from PHPGurukul, Inc. An injection vulnerability exists in version 1.0 of the PHPGurukul Pre-School Enrollment System, which stems from the fact that incorrect manipulation of the parameters classname/capacity can...
CVE-2024-3747
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the className parameter in the About Me block in all versions up to, and including, 2.0.39 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-3747
The CVE-2024-3747 issue affects Blocksy Theme for WordPress (versions up to 2.0.39). It is a Stored XSS in the About Me block via the className parameter, exploitable by authenticated users with Contributor+ privileges. The vulnerability arises from insufficient input sanitization and output esca...
CVE-2023-2433
The YARPP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'className' parameter in versions up to, and including, 5.30.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in page...