27 matches found
CVE-2026-1914
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusedesknewcase shortcode in all versions up to, and including, 6.8 due to insufficient input sanitization and output escaping on the 'emailtext' attribute. This makes it possible for authenticated...
WordPress FuseDesk plugin <= 6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'emailtext' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'emailtext' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin FuseDesk versions = 6.8...
EUVD-2026-14147
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusedesknewcase shortcode in all versions up to, and including, 6.8 due to insufficient input sanitization and output escaping on the 'emailtext' attribute. This makes it possible for authenticated...
CVE-2026-1914
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusedesknewcase shortcode in all versions up to, and including, 6.8 due to insufficient input sanitization and output escaping on the 'emailtext' attribute. This makes it possible for authenticated...
CVE-2026-1914
The FuseDesk WordPress plugin (up to version 6.8) contains a Stored XSS due to insufficient sanitization and output escaping on the emailtext attribute of the fusedesk_newcase shortcode. Authenticated attackers with Contributor-level access or higher can inject scripts that execute when users vie...
CVE-2026-1914 FuseDesk <= 6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'emailtext' Shortcode Attribute
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusedesknewcase shortcode in all versions up to, and including, 6.8 due to insufficient input sanitization and output escaping on the 'emailtext' attribute. This makes it possible for authenticated...
CVE-2026-1914 FuseDesk <= 6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'emailtext' Shortcode Attribute
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusedesknewcase shortcode in all versions up to, and including, 6.8 due to insufficient input sanitization and output escaping on the 'emailtext' attribute. This makes it possible for authenticated...
CVE-2026-1914
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusedesknewcase shortcode in all versions up to, and including, 6.8 due to insufficient input sanitization and output escaping on the 'emailtext' attribute. This makes it possible for authenticated...
WordPress plugin FuseDesk 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-26826
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusedesk newcase shortcode in all versions up to, and including, 6.8 due to insufficient input sanitization and output escaping on the 'emailtext' attribute. This makes it possible for authenticated...
EUVD-2025-12120
Malicious code in bioql PyPI...
EUVD-2024-51615
Malicious code in bioql PyPI...
CVE-2025-3832
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘successredirect’ parameter in all versions up to, and including, 6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...
CVE-2025-3832
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘successredirect’ parameter in all versions up to, and including, 6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...
CVE-2025-3832 FuseDesk <= 6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via successredirect Parameter
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘successredirect’ parameter in all versions up to, and including, 6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...
CVE-2025-3832
Summary (CVE-2025-3832): The FuseDesk WordPress plugin (≤ v6.7) is vulnerable to Stored Cross-Site Scripting via the successredirect parameter due to insufficient input sanitization and output escaping. The issue allows authenticated attackers with at least Contributor privileges to inject and tr...
WordPress plugin FuseDesk 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-17721 · WordPress · Usedesk
Name of the Vulnerable Software and Affected Versions: FuseDesk plugin for WordPress versions up to, and including, 6.7 Description: The issue is related to Stored Cross-Site Scripting via the successredirect parameter due to insufficient input sanitization and output escaping. This allows...
WordPress FuseDesk plugin <= 6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via successredirect Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via successredirect Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin FuseDesk versions = 6.7...
CVE-2024-13459
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fusedesknewcase' shortcode in all versions up to, and including, 6.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...