71 matches found
CVE-2026-3369
The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded image title in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-5191
The Tiled Gallery Carousel Without JetPack plugin for WordPress is vulnerable to stored cross-site scripting via the 'data-image-title' parameter in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
CVE-2026-5191
The Tiled Gallery Carousel Without JetPack plugin for WordPress is vulnerable to stored cross-site scripting via the 'data-image-title' parameter in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
EUVD-2026-33901
The Tiled Gallery Carousel Without JetPack plugin for WordPress is vulnerable to stored cross-site scripting via the 'data-image-title' parameter in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
CVE-2026-5191
The Tiled Gallery Carousel Without JetPack plugin for WordPress is vulnerable to stored cross-site scripting via the 'data-image-title' parameter in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
CVE-2026-5191 Tiled Gallery Carousel Without JetPack <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-image-title'
The Tiled Gallery Carousel Without JetPack plugin for WordPress is vulnerable to stored cross-site scripting via the 'data-image-title' parameter in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
CVE-2026-5191
The CVE-2026-5191 entry concerns the WordPress plugin “Tiled Gallery Carousel Without JetPack.” The vulnerability is a stored cross-site scripting flaw in the data-image-title parameter, present in all versions up to and including 3.1, caused by insufficient input sanitization and output escaping...
PT-2026-45726
Name of the Vulnerable Software and Affected Versions Tiled Gallery Carousel Without JetPack versions prior to 3.2 Description The plugin is subject to stored cross-site scripting due to insufficient input sanitization and output escaping. Authenticated attackers with contributor level access or...
WordPress plugin Tiled Gallery Carousel Without JetPack 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal due to the improper validation of annotations from org.opencontainers.image.title in pullArtifact methods in Registry and OCILayout. An attacker can manipulate this annotation to create a path that escapes the output...
WordPress Better Find and Replace - AI-Powered Suggestions plugin <= 1.7.9 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Title vulnerability
WordPress Better Find and Replace - AI-Powered Suggestions plugin = 1.7.9 - Authenticated Author+ Stored Cross-Site Scripting via Uploaded Image Title vulnerability discovered by kai63001 in WordPress Plugin Better Find and Replace versions = 1.7.9...
CVE-2026-3369
The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded image title in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-3369
The CVE-2026-3369 entry describes a Stored XSS in the WordPress plugin Better Find and Replace – AI-Powered Suggestions up to version 1.7.9 due to insufficient input sanitization and output escaping. The vulnerability can be exploited by authenticated attackers with author-level access+ , who can...
CVE-2026-3369 Better Find and Replace – AI-Powered Suggestions <= 1.7.9 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Title
The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded image title in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-3369 Better Find and Replace – AI-Powered Suggestions <= 1.7.9 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Title
The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded image title in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
PT-2026-33308
The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded image title in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-14796 My Album Gallery <= 1.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via Image Title
The My Album Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image titles in all versions up to, and including, 1.0.4. This is due to insufficient input sanitization and output escaping on the 'attachment-title' attribute. This makes it possible for authenticated...
WordPress My Album Gallery plugin <= 1.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via Image Title vulnerability
Authenticated Author+ Stored Cross-Site Scripting via Image Title vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin My Album Gallery versions = 1.0.4...
EUVD-2025-36019
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pagup Bulk Auto Image Title Attribute bulk-image-title-attribute allows DOM-Based XSS.This issue affects Bulk Auto Image Title Attribute: from n/a through = 2.0.1...
CVE-2025-62921
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pagup Bulk Auto Image Title Attribute bulk-image-title-attribute allows DOM-Based XSS.This issue affects Bulk Auto Image Title Attribute: from n/a through = 2.0.1...