CVE-2026-7659
The Advanced Social Media Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the social shortcode in all versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2026-39975
The Advanced Social Media Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the social shortcode in all versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Advanced Social Media Icons plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Advanced Social Media Icons versions <= 1.2...
PT-2026-6056
Name of the Vulnerable Software and Affected Versions: The Menu Icons by ThemeIsle plugin for WordPress versions up to and including 0.13.20. Description: The software is susceptible to a Stored Cross-Site Scripting issue due to inadequate input sanitization and output escaping. This allows...
EUVD-2024-44239
Malicious code in bioql PyPI...
CVE-2025-49395 WordPress Themify Icons Plugin <= 2.0.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Icons themify-icons allows Stored XSS. This issue affects Themify Icons: from n/a through <= 2.0.3...
CVE-2025-27288
CVE-2025-27288 : WordPress WordPress File Icons plugin (versions n/a–2.1) is affected by a Reflected XSS due to improper input neutralization during page generation. CVSS v3.1 base score 7.1 (HIGH); vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. Affected product: File Icons plugin for Word...
CVE-2025-2513
The Smart Icons For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access...
CVE-2025-31786
CVE-2025-31786 describes a Missing Authorization vulnerability in the Simple Icons plugin (WordPress), affecting versions up to 2.8.4. The entry notes a CVSS v3.1 base score of 5.3 (medium) and indicates exploitation would involve access control misconfigurations, but there are no public details ...
WordPress plugin Simple Icons security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress File Icons Plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 in WordPress Plugin File Icons versions <= 2.1...
WordPress Custom Icons for Elementor plugin <= 0.3.3 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by tahu.datar (Patchstack Alliance) in WordPress Plugin Custom Icons for Elementor versions <= 0.3.3...
PT-2024-39369 · WordPress · Material Design Icons
Name of the Vulnerable Software and Affected Versions: Material Design Icons plugin for WordPress versions up to, and including, 0.0.5. Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the...
WordPress plugin Sticky Social Media Icons security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Web Icons Plugin <= 1.0.0.10 is vulnerable to Cross Site Scripting (XSS)
Software: Web Icons; Type: Plugin; Vulnerable versions: <= 1.0.0.10; Fixed in: 1.0.0.11; OWASP Top 10: A4: Insecure Design; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-30445; Patch priority: Low; CVSS severity: Low 6.5; PSID: 4f47e40e4725; Credits: Steven Julian; Required privilege...
WordPress Themify Icons Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: Themify Icons; Type: Plugin; Vulnerable versions: <= 2.0.1; Fixed in: 2.0.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-51693; Patch priority: Low; CVSS severity: Low 6.5; PSID: 83a7321eca30; Credits: Ray Wilson; Required privilege: Contributo...
CVE-2023-47229
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Vyas Dipen Top 25 Social Icons plugin = 3.1 versions...
CVE-2023-5232
The Font Awesome More Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'icon' shortcode in versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
WordPress Social Media & Share Icons Plugin <= 2.8.1 is vulnerable to Broken Access Control
Software: Social Media & Share Icons; Type: Plugin; Vulnerable versions: <= 2.8.1; Fixed in: 2.8.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-34009; Patch priority: Low; CVSS severity: Low 4.3; PSID: 7a4dfcea8ca4; Credits: István Márton...
WordPress plugin WP SVG Icons code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WP SVG Icons plugin version 3.2.3 and prior versions contain a remote code execution...