WordPress kbucket plugin < 4.1.5 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin KBucket versions 4.1.5...

WordPress kbucket plugin < 4.1.6 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Vuln Seeker Cybersecurity Team in WordPress Plugin KBucket versions 4.1.6...

CVE-2024-6665

The KBucket: Your Curated Content in WordPress plugin before 4.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

CVE-2024-6667

The KBucket: Your Curated Content in WordPress plugin before 4.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin...

CVE-2024-6665

The KBucket: Your Curated Content in WordPress plugin before 4.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

CVE-2024-6667

The KBucket: Your Curated Content in WordPress plugin before 4.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin...

CVE-2024-6667 kbucket < 4.1.5 - Reflected XSS

The KBucket: Your Curated Content in WordPress plugin before 4.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin...

CVE-2024-6667

The CVE-2024-6667 entry concerns the WordPress plugin KBucket: Your Curated Content in WordPress. It states that versions prior to 4.1.5 do not sanitise or escape a parameter before outputting it on the page, leading to a Reflected XSS that could target admins. The CVSS v3.1 base score is 6.1 (Me...

CVE-2024-6667 kbucket < 4.1.5 - Reflected XSS

The KBucket: Your Curated Content in WordPress plugin before 4.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin...

CVE-2024-6665

The CVE-2024-6665 entry concerns the KBucket WordPress plugin (pre-4.1.6) with insufficient sanitization/escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite). Public sources identify the affected co...

CVE-2024-6665 kbucket < 4.1.6 - Admin+ Stored XSS

The KBucket: Your Curated Content in WordPress plugin before 4.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

CVE-2024-6665 kbucket < 4.1.6 - Admin+ Stored XSS

The KBucket: Your Curated Content in WordPress plugin before 4.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

PT-2025-21486 · WordPress · The Kbucket: Your Curated Content

Name of the Vulnerable Software and Affected Versions: The KBucket: Your Curated Content in WordPress plugin versions prior to 4.1.5 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being...

CVE-2025-24562

CVE-2025-24562 concerns the WordPress plugin KBucket by Optimal Access Inc. It is a CSRF to Stored XSS vulnerability affecting KBucket versions up to 4.1.6 . The CVSS 3.1 base vector references network attack, low attack complexity, no privileges, and user interaction required, with a base score ...

CVE-2025-24562 WordPress KBucket plugin <= 4.1.6 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery CSRF vulnerability in Optimal Access KBucket kbucket allows Stored XSS.This issue affects KBucket: from n/a through = 4.1.6...