11 matches found
CVE-2026-5428
The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image captions in the Image Grid/Slider/Carousel widget in versions up to and including 1.7.1056. This is due to insufficient output escaping in the renderpostthumbnail function, where wpksespost is...
CVE-2026-5428 Royal Addons for Elementor <= 1.7.1056 - Authenticated (Author+) Stored Cross-Site Scripting via Image Caption Field
The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image captions in the Image Grid/Slider/Carousel widget in versions up to and including 1.7.1056. This is due to insufficient output escaping in the renderpostthumbnail function, where wpksespost is...
CVE-2026-5428
The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image captions in the Image Grid/Slider/Carousel widget in versions up to and including 1.7.1056. This is due to insufficient output escaping in the renderpostthumbnail function, where wpksespost is...
CVE-2026-5428 Royal Addons for Elementor <= 1.7.1056 - Authenticated (Author+) Stored Cross-Site Scripting via Image Caption Field
The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image captions in the Image Grid/Slider/Carousel widget in versions up to and including 1.7.1056. This is due to insufficient output escaping in the renderpostthumbnail function, where wpksespost is...
CVE-2026-5428
The CVE concerns the Royal Elementor Addons for WordPress (Image Grid/Slider/Carousel widget) with versions ≤ 1.7.1056. The root cause is insufficient output escaping in render_post_thumbnail(), where wp_kses_post() is used for the alt attribute context instead of escaping, enabling Stored Cross-...
PT-2026-34856
The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image captions in the Image Grid/Slider/Carousel widget in versions up to and including 1.7.1056. This is due to insufficient output escaping in the render post thumbnail function, where wp kses post ...
CVE-2026-1302 Meta-box GalleryMeta <= 3.0.1 - Authenticated (Editor+) Stored Cross-Site Scripting via Image Caption
The Meta-box GalleryMeta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions a...
Drupal Wiki Security Vulnerabilities
Drupal Wiki is a free and open source content management system from Drupal Wiki, Inc. A security vulnerability exists in Drupal Wiki versions prior to 8.31.1, which stems from allowing cross-site scripting XSS attacks via comments, titles, and image captions on Wiki pages...
WordPress plugin Real Media Library: Media Library Folder & File Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress...
WordPress Plugin Ninja Forms Contact Form 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
Chevereto 跨站脚本漏洞
Chevereto is a graph bed program. A cross-site scripting vulnerability exists in Chevereto that stems from Chevereto allowing cross-site scripting XSS to be executed via image captions during the image upload phase...