CVE-2026-6646

The The7 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'dtdefaultbutton' shortcode in all versions up to, and including, 14.3.2. This is due to insufficient input sanitization and output escaping on the 'title' component of the 'link' shortcode parameter. This makes it...

PT-2025-8936 · WordPress · Buddyboss Platform

Name of the Vulnerable Software and Affected Versions: The Buddyboss Platform plugin for WordPress versions up to and including 2.7.70 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping, specifically via the link title...

PT-2025-7117 · Hooskcms · Hooskcms

Name of the Vulnerable Software and Affected Versions: hooskcms version 1.8 Description: The issue allows a remote attacker to cause a denial of service via the custom Link title parameter and the Title parameter. This is related to a Cross Site Scripting vulnerability. Recommendations: For...

Hoosk 安全漏洞

Hoosk is a lightweight content management system from the individual developers at Havok. A security vulnerability exists in Hoosk version 1.8, which stems from the Link title and Title parameters causing a denial of service by a remote attacker...