17 matches found
CVE-2026-1914
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusedesknewcase shortcode in all versions up to, and including, 6.8 due to insufficient input sanitization and output escaping on the 'emailtext' attribute. This makes it possible for authenticated...
CVE-2026-1914
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusedesknewcase shortcode in all versions up to, and including, 6.8 due to insufficient input sanitization and output escaping on the 'emailtext' attribute. This makes it possible for authenticated...
CVE-2026-1914 FuseDesk <= 6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'emailtext' Shortcode Attribute
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusedesknewcase shortcode in all versions up to, and including, 6.8 due to insufficient input sanitization and output escaping on the 'emailtext' attribute. This makes it possible for authenticated...
CVE-2026-1914
The FuseDesk WordPress plugin (up to version 6.8) contains a Stored XSS due to insufficient sanitization and output escaping on the emailtext attribute of the fusedesk_newcase shortcode. Authenticated attackers with Contributor-level access or higher can inject scripts that execute when users vie...
CVE-2026-1914
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusedesknewcase shortcode in all versions up to, and including, 6.8 due to insufficient input sanitization and output escaping on the 'emailtext' attribute. This makes it possible for authenticated...
EUVD-2025-12120
Malicious code in bioql PyPI...
EUVD-2024-51615
Malicious code in bioql PyPI...
CVE-2025-3832
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘successredirect’ parameter in all versions up to, and including, 6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...
CVE-2025-3832
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘successredirect’ parameter in all versions up to, and including, 6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...
CVE-2025-3832 FuseDesk <= 6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via successredirect Parameter
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘successredirect’ parameter in all versions up to, and including, 6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...
CVE-2025-3832
Summary (CVE-2025-3832): The FuseDesk WordPress plugin (≤ v6.7) is vulnerable to Stored Cross-Site Scripting via the successredirect parameter due to insufficient input sanitization and output escaping. The issue allows authenticated attackers with at least Contributor privileges to inject and tr...
WordPress plugin FuseDesk 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-17721 · WordPress · Usedesk
Name of the Vulnerable Software and Affected Versions: FuseDesk plugin for WordPress versions up to, and including, 6.7 Description: The issue is related to Stored Cross-Site Scripting via the successredirect parameter due to insufficient input sanitization and output escaping. This allows...
CVE-2024-13459
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fusedesknewcase' shortcode in all versions up to, and including, 6.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-13459
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fusedesknewcase' shortcode in all versions up to, and including, 6.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-13459 FuseDesk <= 6.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fusedesknewcase' shortcode in all versions up to, and including, 6.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-13459
CVE-2024-13459 affects the WordPress plugin FuseDesk, exposed ≤ 6.6.1. It enables authenticated (Contributor+) Stored Cross-Site Scripting via the fusedesk_newcase shortcode due to insufficient input sanitization/out‑escaping. Evidence from Wordfence and CVE records confirms the issue and that a ...