3 matches found
WordPress Category Posts Widget plugin < 4.9.20 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Category Posts Widget versions 4.9.20...
CVE-2025-1453
creationtimestamp| type| source ---|---|--- 2025-04-24 06:05:35+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/13191 2025-04-24 08:52:54+00:00| seen| https://t.me/cvedetector/23641 2025-04-24 09:15:11+00:00| seen|...
CVE-2025-1453
CVE-2025-1453 refers to WordPress plugin Category Posts Widget (versions before 4.9.20). The vulnerability arises from insufficient sanitisation/escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). Conn...