3 matches found
CVE-2025-7959 Station Pro <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via width and height Parameters
The Station Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width' and 'height’ parameter in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
CVE-2025-7959
CVE-2025-7959 concerns the Station Pro plugin for WordPress, which is vulnerable to a Stored Cross-Site Scripting (XSS) flaw via the width and height parameters in all versions up to and including 2.4.2. The vulnerability requires an attacker with at least Contributor access to inject script that...
WordPress Station Pro plugin <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via width and height Parameters vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via width and height Parameters vulnerability discovered by Peter Thaleikis in WordPress Plugin Station Pro versions = 2.4.2...