4 matches found
CVE-2026-9677
The Shariff for WordPress Shariff for WordPress plugin through 1.0.11 does not sanitize or escape the shariffinfourl setting before outputting it in the frontend HTML via the generateshariff function, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...
CVE-2026-9677
CVE-2026-9677 affects the Shariff for WordPress plugin up to version 1.0.11. The vulnerability arises from not sanitizing or escaping the shariff_infourl setting before it is output in the frontend HTML via the generateshariff() function, enabling Stored Cross-Site Scripting by high-privilege use...
EUVD-2021-11451
Malware in sbrugna...
CVE-2021-24592
The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...