20 matches found
EUVD-2026-23221
The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded image title in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-3369
The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded image title in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
PT-2026-2828
The Responsive Accordion Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resp accordion silder save images' function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with...
CVE-2024-34481
drupal-wiki.com Drupal Wiki before 8.31.1 allows XSS via comments, captions, and image titles of a Wiki page...
CVE-2025-14796
The My Album Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image titles in all versions up to, and including, 1.0.4. This is due to insufficient input sanitization and output escaping on the 'attachment-title' attribute. This makes it possible for authenticated...
CVE-2025-14796
The My Album Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image titles in all versions up to, and including, 1.0.4. This is due to insufficient input sanitization and output escaping on the 'attachment-title' attribute. This makes it possible for authenticated...
CVE-2025-14796
CVE-2025-14796 (My Album Gallery, WordPress) is a stored XSS via image title in My Album Gallery ≤ 1.0.4. Root cause: insufficient input sanitization and output escaping for the attachment->title attribute. Exploitation requires authenticated access at Author level or higher, enabling script i...
CVE-2025-14796 My Album Gallery <= 1.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via Image Title
The My Album Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image titles in all versions up to, and including, 1.0.4. This is due to insufficient input sanitization and output escaping on the 'attachment-title' attribute. This makes it possible for authenticated...
PT-2026-1639
Name of the Vulnerable Software and Affected Versions: My Album Gallery plugin for WordPress versions prior to 1.0.5 Description: The My Album Gallery plugin for WordPress is susceptible to Stored Cross-Site Scripting through image titles. This occurs because of inadequate input sanitization and...
Linux Distros Unpatched Vulnerability : CVE-2024-34481
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drupal-wiki.com Drupal Wiki before 8.31.1 allows XSS via comments, captions, and image titles of a Wiki page. CVE-2024-34481 Note that Nessus relies on the...
CVE-2024-3894
The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an Image Title in all versions up to, and including, 3.2.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2024-34481
drupal-wiki.com Drupal Wiki before 8.31.1 allows XSS via comments, captions, and image titles of a Wiki page...
CVE-2024-34481
drupal-wiki.com Drupal Wiki before 8.31.1 allows XSS via comments, captions, and image titles of a Wiki page...
CVE-2024-34481
drupal-wiki.com Drupal Wiki before 8.31.1 allows XSS via comments, captions, and image titles of a Wiki page...
CVE-2024-34481
CVE-2024-34481 affects Drupal Wiki prior to 8.31.1 and is described as allowing cross-site scripting (XSS) via comments, captions, and image titles on a Wiki page. The connected sources (Red Hat, Ubuntu, OSV, CVE listings) consistently report the same description. The root cause details are not e...
CVE-2024-34481
drupal-wiki.com Drupal Wiki before 8.31.1 allows XSS via comments, captions, and image titles of a Wiki page...
CVE-2024-34481
drupal-wiki.com Drupal Wiki before 8.31.1 allows XSS via comments, captions, and image titles of a Wiki page...
PT-2024-25933 · Drupal · Drupal Wiki
Name of the Vulnerable Software and Affected Versions: Drupal Wiki versions prior to 8.31.1 Description: The issue allows for XSS attacks via comments, captions, and image titles of a Wiki page. Recommendations: For versions prior to 8.31.1, update to version 8.31.1 or later to resolve the issue...
UBUNTU-CVE-2024-32875
Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images are not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...
SA-CONTRIB-2014-033 - Nivo Slider - Cross Site Scripting
Nivo Slider provides a way to showcase featured content. Nivo Slider gives administrators a simple method of adding slides to the slideshow, an administration interface to configure slideshow settings, and simple slider positioning using the Drupal block system. The module doesn't sufficiently...