10 matches found
CVE-2026-8871
The Formidable Kinetic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'kineticlink' shortcode in versions up to, and including, 1.1.01. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes notably 'window', 'class', an...
CVE-2026-8871
The Formidable Kinetic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'kineticlink' shortcode in versions up to, and including, 1.1.01. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes notably 'window', 'class', an...
CVE-2026-8871 Formidable Kinetic <= 1.1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Formidable Kinetic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'kineticlink' shortcode in versions up to, and including, 1.1.01. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes notably 'window', 'class', an...
CVE-2026-8871
The Formidable Kinetic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'kineticlink' shortcode in versions up to, and including, 1.1.01. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes notably 'window', 'class', an...
EUVD-2026-32076
The Formidable Kinetic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'kineticlink' shortcode in versions up to, and including, 1.1.01. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes notably 'window', 'class', an...
CVE-2026-8871 Formidable Kinetic <= 1.1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Formidable Kinetic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'kineticlink' shortcode in versions up to, and including, 1.1.01. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes notably 'window', 'class', an...
CVE-2026-8871
The CVE-2026-8871 entry concerns the WordPress plugin Formidable Kinetic . It is vulnerable to a Stored Cross-Site Scripting (XSS) via the shortcodes using the attribute set of the kinetic_link shortcode, in versions up to and including 1.1.01. The root cause is insufficient input sanitization an...
WordPress plugin Formidable Kinetic 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-43519
The Formidable Kinetic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'kinetic link' shortcode in versions up to, and including, 1.1.01. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes notably 'window', 'class', a...
WordPress Formidable Kinetic plugin <= 1.1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Formidable Kinetic versions = 1.1.01...