5 matches found
CVE-2025-0837
The Puzzles theme for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and...
CVE-2025-0837
creationtimestamp| type| source ---|---|--- 2025-02-13 04:52:26+00:00| seen| https://infosec.exchange/users/cve/statuses/113994782844315190 2025-02-13 05:15:52+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhzwnhjaqq2a 2025-02-13 06:30:15+00:00| seen|...
CVE-2025-0837 Puzzles <= 4.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Puzzles theme for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and...
CVE-2025-0837
CVE-2025-0837 : Puzzles theme for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via shortcodes in versions up to and including 4.2.4 due to insufficient input sanitization and output escaping on user-supplied attributes. The issue can be exploited by authenticated attackers with at...
CVE-2025-0837 Puzzles <= 4.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Puzzles theme for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and...