4 matches found
EUVD-2025-60943
The Magazine Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headerHtmlTag' attribute in the bnm-blocks/featured-posts-1 block in all versions up to, and including, 1.2.3. This is due to insufficient input sanitization and output escaping when using...
CVE-2025-11828
The Magazine Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headerHtmlTag' attribute in the bnm-blocks/featured-posts-1 block in all versions up to, and including, 1.2.3. This is due to insufficient input sanitization and output escaping when using...
CVE-2025-11828 Magazine Companion <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Magazine Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headerHtmlTag' attribute in the bnm-blocks/featured-posts-1 block in all versions up to, and including, 1.2.3. This is due to insufficient input sanitization and output escaping when using...
PT-2025-46253
Name of the Vulnerable Software and Affected Versions The Magazine Companion plugin for WordPress versions through 1.2.3 Description The Magazine Companion plugin for WordPress is susceptible to Stored Cross-Site Scripting through the headerHtmlTag attribute within the bnm-blocks/featured-posts-1...