3 matches found
WordPress StreamWeasels Kick Integration plugin <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gai Tanaka in WordPress Plugin SW Kick Integration versions = 1.1.4...
CVE-2025-7810
creationtimestamp| type| source ---|---|--- 2025-07-29 07:15:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lv3kquv3ji2h...
CVE-2025-7810 StreamWeasels Kick Integration <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...