CVE-2026-3516 Contact List <= 3.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via '_cl_map_iframe' Parameter

The Contact List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'clmapiframe' parameter in all versions up to, and including, 3.0.18. This is due to insufficient input sanitization and output escaping when handling the Google Maps iframe custom field. The saveCustomFiel...

CVE-2026-3516 Contact List <= 3.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via '_cl_map_iframe' Parameter

The Contact List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'clmapiframe' parameter in all versions up to, and including, 3.0.18. This is due to insufficient input sanitization and output escaping when handling the Google Maps iframe custom field. The saveCustomFiel...

CVE-2025-1440

The Advanced iFrame plugin for WordPress is vulnerable to unauthorized excessive creation of options on the aipmapurlcallback function in all versions up to, and including, 2024.5 due to insufficient restrictions. This makes it possible for unauthenticated attackers to update the...

Cross site scripting

Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the src parameter...

CVE-2020-19697

Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the src parameter...

WordPress plugin Embed Swagger 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

WUZHI CMS Cross-Site Scripting Vulnerability (CNVD-2019-05299)

WUZHI CMS is five fingers WUZHI company based on PHP and MySQL open source content management system CMS. WUZHI CMS version 4.1.0 cross-site scripting vulnerability, remote attackers can use the /index.php?m=message&f=message&v=add URL's 'setiframe' parameter to use the vulnerability to inject...