Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.15 views

CVE-2025-14445

The Image Hotspot by DevVN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hotspotcontent' custom field meta in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00181EPSS
Exploits0References1
NVD
NVD
added 2026/02/19 7:17 a.m.3 views

CVE-2025-14445

The Image Hotspot by DevVN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hotspotcontent' custom field meta in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00181EPSS
Exploits0References3
CVE
CVE
added 2026/02/19 4:36 a.m.20 views

CVE-2025-14445

CVE-2025-14445 concerns the Image Hotspot by DevVN WordPress plugin. It allows Stored Cross‑Site Scripting via the hotspot_content custom field in all versions up to 1.2.9, requiring an authenticated attacker with author+ privileges. The impact described is that injected scripts execute when user...

6.4CVSS5.7AI score0.00181EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.7 views

PT-2026-20618

The Image Hotspot by DevVN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hotspot content' custom field meta in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00181EPSS
Exploits0References3
Rows per page
Query Builder