3 matches found
CVE-2025-5588
The Image Editor by Pixo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘download’ parameter in all versions up to, and including, 2.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leve...
CVE-2025-5588
creationtimestamp| type| source ---|---|--- 2025-06-26 02:50:49+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/19564 2025-06-26 08:29:22+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lsiphw7s6v2i...
WordPress Image Editor by Pixo plugin <= 2.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via download Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via download Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Image Editor by Pixo versions = 2.3.6...