8 matches found
📄 WordPress IndieWeb 4.0.5 Cross Site Scripting
WordPress IndieWeb plugin versions 4.0.5 and below suffers from persistent cross site scripting vulnerability. CVE-2025-14893: Authenticated Stored Cross-Site Scripting XSS in IndieWeb WordPress Plugin Disclaimer: This repository is created for educational purposes and ethical disclosure only. Th...
Exploit for CVE-2025-14893
CVE-2025-14893: Authenticated Stored Cross-Site Scripting XSS...
CVE-2025-14893
The IndieWeb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Telephone' parameter in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author level access and...
CVE-2025-14893 IndieWeb <= 4.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via 'Telephone' Parameter
The IndieWeb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Telephone' parameter in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author level access and...
CVE-2025-14893
CVE-2025-14893 : The IndieWeb WordPress plugin is vulnerable to a stored XSS via the Telephone parameter in all versions up to 4.0.5, with exploitation limited to authenticated attackers holding at least author-level access. The vulnerability allows injection of arbitrary scripts that run when us...
CVE-2025-14893 IndieWeb <= 4.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via 'Telephone' Parameter
The IndieWeb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Telephone' parameter in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author level access and...
PT-2026-1757
Name of the Vulnerable Software and Affected Versions IndieWeb plugin for WordPress versions through 4.0.5 Description The IndieWeb plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escaping related to the Telephone...
WordPress IndieWeb plugin <= 4.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via 'Telephone' Parameter vulnerability
Authenticated Author+ Stored Cross-Site Scripting via 'Telephone' Parameter vulnerability discovered by Tharadol Suksamran in WordPress Plugin IndieWeb versions = 4.0.5...