3 matches found
CVE-2025-5940
The Osom Blocks – Custom Post Type listing block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘classname’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-5940
CVE-2025-5940 Osom Blocks for WordPress is affected by a Stored Cross-Site Scripting via the class_name parameter in all versions up to 1.2.1. Exploitation requires authenticated access at Contributor level or higher , and triggers script execution when a page is loaded. The vulnerability is conf...
WordPress Osom Blocks plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via class_name Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via classname Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Osom Blocks versions = 1.2.1...