3 matches found
CVE-2025-6290
The Tournament Bracket Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bracket' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-6290 Tournament Bracket Generator <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via bracket Shortcode
The Tournament Bracket Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bracket' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Tournament Bracket Generator plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via bracket Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via bracket Shortcode vulnerability discovered by Gilang in WordPress Plugin Tournament Bracket Generator versions = 1.0.0...