18 matches found
CVE-2026-4078
The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes iteras-ordering, iteras-signup, iteras-paywall-login, iteras-selfservice in all versions up to and including 1.8.2. This is due to insufficient input sanitization and output escaping in the...
EUVD-2026-25407
The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes iteras-ordering, iteras-signup, iteras-paywall-login, iteras-selfservice in all versions up to and including 1.8.2. This is due to insufficient input sanitization and output escaping in the...
CVE-2026-4078 ITERAS <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes iteras-ordering, iteras-signup, iteras-paywall-login, iteras-selfservice in all versions up to and including 1.8.2. This is due to insufficient input sanitization and output escaping in the...
CVE-2026-4078
The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes iteras-ordering, iteras-signup, iteras-paywall-login, iteras-selfservice in all versions up to and including 1.8.2. This is due to insufficient input sanitization and output escaping in the...
CVE-2026-4078 ITERAS <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes iteras-ordering, iteras-signup, iteras-paywall-login, iteras-selfservice in all versions up to and including 1.8.2. This is due to insufficient input sanitization and output escaping in the...
CVE-2026-4078
CVE-2026-4078: The ITERAS WordPress plugin (versions <= 1.8.2) is vulnerable to Stored XSS via multiple shortcodes (iteras-ordering, iteras-signup, iteras-paywall-login, iteras-selfservice). The root cause is insufficient input sanitization and output escaping in combine_attributes(), which co...
PT-2026-34866
The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes iteras-ordering, iteras-signup, iteras-paywall-login, iteras-selfservice in all versions up to and including 1.8.2. This is due to insufficient input sanitization and output escaping in the combin...
WordPress plugin ITERAS cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress ITERAS plugin <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin ITERAS versions <= 1.8.2...
EUVD-2024-52043
Malicious code in bioql PyPI...
CVE-2024-53710
Cross-Site Request Forgery (CSRF) vulnerability in ITERAS ITERAS iteras allows Stored XSS. This issue affects ITERAS: from n/a through <= 1.8.0...
CVE-2024-53710
Cross-Site Request Forgery (CSRF) vulnerability in ITERAS ITERAS iteras allows Stored XSS. This issue affects ITERAS: from n/a through <= 1.8.0...
CVE-2024-53710 WordPress ITERAS plugin <= 1.8.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ITERAS ITERAS iteras allows Stored XSS. This issue affects ITERAS: from n/a through <= 1.8.0...
CVE-2024-53710 WordPress ITERAS plugin <= 1.7.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ITERAS ITERAS allows Stored XSS. This issue affects ITERAS: from n/a through 1.7.0...
CVE-2024-53710
CVE-2024-53710 corresponds to a CSRF to Stored XSS vulnerability in the WordPress ITERAS plugin, affecting versions up to 1.7.0. The CVE entry details an unauthenticated threat that can be triggered via CSRF (UI: required, network access) leading to stored XSS within ITERAS pages. A linked Patchs...
WordPress plugin ITERAS cross-site request forgery vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A cross-site request...
WordPress ITERAS plugin <= 1.8.0 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin ITERAS versions <= 1.8.0...
WordPress ITERAS Plugin <= 1.7.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: ITERAS; Type: Plugin; Vulnerable versions: <= 1.7.0; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-53710; Patch priority: Low; CVSS severity: Low 7.1; Developer: Claim ownership; PSID: fe46f5e0e01b; Credits: SOPROBRO; Required privilege...