26 matches found
CVE-2026-9620
The WP Latest Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted image src attributes in post content in versions up to, and including, 5.0.11. This is due to insufficient output escaping in the field and loop functions, which extract the raw src attribute value...
CVE-2026-9620 WP Latest Posts <= 5.0.11 - Authenticated (Author+) Stored Cross-Site Scripting via Post Content Image src Attribute
The WP Latest Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted image src attributes in post content in versions up to, and including, 5.0.11. This is due to insufficient output escaping in the field and loop functions, which extract the raw src attribute value...
WordPress WP Latest Posts plugin <= 5.0.11 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Latest Posts versions = 5.0.11...
CVE-2026-1646
The Advance Block Extend plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TitleColor block attribute in the Latest Posts Gutenberg block in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-1646
The Advance Block Extend plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TitleColor block attribute in the Latest Posts Gutenberg block in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-1646 Advance Block Extend <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via TitleColor Block Attribute
The Advance Block Extend plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TitleColor block attribute in the Latest Posts Gutenberg block in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-1646
CVE-2026-1646 affects the Advance Block Extend WordPress plugin (versions up to and including 1.0.4). The issue is a Stored Cross-Site Scripting (XSS) in the TitleColor attribute of the Latest Posts Gutenberg block, caused by insufficient input sanitization and output escaping. Exploitation requi...
CVE-2026-1646 Advance Block Extend <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via TitleColor Block Attribute
The Advance Block Extend plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TitleColor block attribute in the Latest Posts Gutenberg block in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2026-20638
Name of the Vulnerable Software and Affected Versions Advance Block Extend plugin for WordPress versions through 1.0.4 Description The Advance Block Extend plugin for WordPress has a Stored Cross-Site Scripting issue. This is due to insufficient input sanitization and output escaping in the...
WordPress plugin kallyas 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
CVE-2024-4135
CVE-2024-4135 affects the WP Latest Posts WordPress plugin, vulnerable in all versions up to 5.0.7. Unauthenticated attackers can trigger arbitrary shortcodes due to unvalidated user input used by do_shortcode. CVSS v3.1 base score 5.4 (Medium). A patched version exists; remediation is to update ...
WordPress WP Latest Posts plugin <= 5.0.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability
Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by stealthcopter in WordPress Plugin WP Latest Posts versions = 5.0.7...
CVE-2024-4034
The Virtue theme for WordPress is vulnerable to Stored Cross-Site Scripting via a Post Author's name in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping when the latest posts feature is enabled on the homepage. This makes it possible for...
CVE-2024-4034 Virtue <= 3.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Author
The Virtue theme for WordPress is vulnerable to Stored Cross-Site Scripting via a Post Author's name in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping when the latest posts feature is enabled on the homepage. This makes it possible for...
PT-2024-28815 · WordPress · Virtue
Name of the Vulnerable Software and Affected Versions: Virtue theme for WordPress versions up to, and including, 3.4.8 Description: The issue is related to Stored Cross-Site Scripting via a Post Author's name due to insufficient input sanitization and output escaping when the latest posts feature...
WordPress 4.7-5.7 - Authenticated Password Protected Pages Exposure
Description The Latest Posts block in the WordPress editor can be exploited in a way that exposes password-protected posts and pages via the posts REST API when the "edit" context was used. This requires at least contributor privileges. PoC 1. As one user, create a new password protected post...
CVE-2016-10913
The wp-latest-posts plugin before 3.7.5 for WordPress has XSS...
Cross site scripting
The wp-latest-posts plugin before 3.7.5 for WordPress has XSS...
CVE-2016-10913
The CVE-2016-10913 entry concerns the WordPress plugin wp-latest-posts, specifically versions before 3.7.5. The connected documents confirm a cross-site scripting (XSS) vulnerability in this plugin. The provided sources do not specify the exact root cause, affected file/function, exploitation det...
CVE-2016-10913
The wp-latest-posts plugin before 3.7.5 for WordPress has XSS...