6 matches found
CVE-2025-4219
The DPEPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dpe' shortcode in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wit...
CVE-2025-4219
The DPEPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dpe' shortcode in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wit...
CVE-2025-4219
CVE-2025-4219 affects the WordPress plugin DPEPress . The vulnerability is a Stored Cross-Site Scripting (Stored XSS) in the plugin’s dpe shortcode caused by insufficient input sanitization and output escaping on user-supplied attributes. It affects all versions up to and including 0.3. An attack...
CVE-2025-4219 DPEPress <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The DPEPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dpe' shortcode in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wit...
PT-2025-22338 · WordPress · Dpepress
Name of the Vulnerable Software and Affected Versions: DPEPress plugin for WordPress versions up to, and including, 0.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'dpe' shortcode due to insufficient input sanitization and output escaping on user-supplied...
WordPress DPEPress plugin <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang in WordPress Plugin DPEPress versions = 0.3...