5 matches found
CVE-2025-4126
creationtimestamp| type| source ---|---|--- 2025-05-15 06:57:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lp6wrhec7m2e 2025-08-07 09:00:05+00:00| published-proof-of-concept| Telegram/UOBHIdY3ySfeHEqRgDOMD1tfqOzhoPZZkrJdvo4b1cRAqk 2025-08-09 21:02:26+00:00| seen|...
CVE-2025-4126
CVE-2025-4126 affects the WordPress EG-Series plugin (versions up to and including 2.1.1). Affected component is the shortcode_title handling in the [series] shortcode, where insufficient input sanitization and output escaping allows authenticated attackers (contributor level+) on sites with Clas...
CVE-2025-4126 EG-Series <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The EG-Series plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's series shortcode in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes in the shortcodetitle function. This makes it possib...
CVE-2025-4126 EG-Series <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The EG-Series plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's series shortcode in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes in the shortcodetitle function. This makes it possib...
WordPress EG-Series plugin <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by muhammad yudha in WordPress Plugin EG-Series versions = 2.1.1...