2 matches found
CVE-2026-15284
The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formpageid' parameter in versions up to, and including, 51.1.62 This is due to insufficient input sanitization in the addtosubmissions function, which applies sanitizetextfield which preserves...
WordPress: Stored XSS in Post Preview as Contributor
Root cause I noticed that the getthecontent makes a pregreplacecallback after all other validation and sanitization has been performed. function getthecontent $morelinktext = null, $stripteaser = false global $page, $more, $preview, $pages, $multipage; $post = getpost; ... if $preview // Preview...