281 matches found
CVE-2026-7859
The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices...
CVE-2026-7859
The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices...
CVE-2026-7859 Motors Car Dealership & Classified Listings < 1.4.110 - Unauthenticated Post-Meta Write via stm_ajax_add_a_car_media
The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices...
CVE-2026-7859
CVE-2026-7859 affects the Motors WordPress plugin before 1.4.110. The vulnerability arises from missing proper authorisation and CSRF checks on an AJAX action, allowing unauthenticated attackers to modify arbitrary post metadata (e.g., gallery, featured image) and, on WooCommerce sites, product p...
CVE-2026-10779
The Classified Listing – Classified ads & Business Directory plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.4.2. This is due to a missing capability/ownership check on the galleryimageupdateasfeature AJAX handler action:...
CVE-2026-10779 Classified Listing <= 5.4.2 - Missing Authorization to Authenticated (Subscriber+) Feature Modification via Multiple AJAX Handlers ('listingId'/'id' Parameters)
The Classified Listing – Classified ads & Business Directory plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.4.2. This is due to a missing capability/ownership check on the galleryimageupdateasfeature AJAX handler action:...
EUVD-2026-37978
The Classified Listing – Classified ads & Business Directory plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.4.2. This is due to a missing capability/ownership check on the galleryimageupdateasfeature AJAX handler action:...
CVE-2026-5077
The Total theme for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in versions up to, and including, 2.2.1 due to insufficient output escaping when rendering thetitle inside HTML attribute context in the home blog section template. This makes it possible for authenticated...
EUVD-2026-26768
The Total theme for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in versions up to, and including, 2.2.1 due to insufficient output escaping when rendering thetitle inside HTML attribute context in the home blog section template. This makes it possible for authenticated...
CVE-2026-5077
The Total theme for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in versions up to, and including, 2.2.1 due to insufficient output escaping when rendering thetitle inside HTML attribute context in the home blog section template. This makes it possible for authenticated...
PT-2026-36597
Name of the Vulnerable Software and Affected Versions Total theme for WordPress versions prior to 2.2.2 Description Stored Cross-Site Scripting is possible via post titles due to insufficient output escaping when rendering the the title function inside HTML attribute context in the home blog...
EUVD-2026-20389
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fesomia FSM Custom Featured Image Caption fsm-custom-featured-image-caption allows DOM-Based XSS.This issue affects FSM Custom Featured Image Caption: from n/a through = 1.25.1...
CVE-2026-39693
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fesomia FSM Custom Featured Image Caption fsm-custom-featured-image-caption allows DOM-Based XSS.This issue affects FSM Custom Featured Image Caption: from n/a through = 1.25.1...
CVE-2026-39693 WordPress FSM Custom Featured Image Caption plugin <= 1.25.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fesomia FSM Custom Featured Image Caption fsm-custom-featured-image-caption allows DOM-Based XSS.This issue affects FSM Custom Featured Image Caption: from n/a through = 1.25.1...
CVE-2026-39693 WordPress FSM Custom Featured Image Caption plugin <= 1.25.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fesomia FSM Custom Featured Image Caption fsm-custom-featured-image-caption allows DOM-Based XSS.This issue affects FSM Custom Featured Image Caption: from n/a through = 1.25.1...
CVE-2026-39693
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fesomia FSM Custom Featured Image Caption fsm-custom-featured-image-caption allows DOM-Based XSS.This issue affects FSM Custom Featured Image Caption: from n/a through = 1.25.1...
CVE-2026-39693
CVE-2026-39693 affects the WordPress plugin FSM Custom Featured Image Caption by fesomia, with a DOM-Based XSS due to improper neutralization of input during web page generation. Affected versions are up to and including 1.25.1 . Red Hat/NVD/CVE records also confirm the issue and indicate the imp...
PT-2026-31255
Name of the Vulnerable Software and Affected Versions fesomia FSM Custom Featured Image Caption versions through 1.25.1 Description A DOM-Based Cross-Site Scripting XSS issue exists in the fesomia FSM Custom Featured Image Caption plugin. This allows for improper neutralization of input during we...
WordPress Twentig plugin <= 1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'featuredImageSizeWidth' vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'featuredImageSizeWidth' vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Twentig Supercharged Block Editor versions = 1.9.7...
CVE-2026-2602
The Twentig plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'featuredImageSizeWidth' parameter in versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...