CVE-2025-12965

The Magical Posts Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpactitletag' parameter in the Magical Posts Accordion widget in all versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping on user-supplied HTML tag name...

CVE-2025-12965 Magical Posts Display <= 1.2.54 - Authenticated (Author+) Stored Cross-Site Scripting via Magical Posts Accordion Widget

The Magical Posts Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpactitletag' parameter in the Magical Posts Accordion widget in all versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping on user-supplied HTML tag name...

CVE-2025-12965 Magical Posts Display <= 1.2.54 - Authenticated (Author+) Stored Cross-Site Scripting via Magical Posts Accordion Widget

The Magical Posts Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpactitletag' parameter in the Magical Posts Accordion widget in all versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping on user-supplied HTML tag name...

EUVD-2025-203075

The Magical Posts Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpactitletag' parameter in the Magical Posts Accordion widget in all versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping on user-supplied HTML tag name...

WordPress Magical Posts Display plugin <= 1.2.54 - Authenticated (Author+) Stored Cross-Site Scripting via Magical Posts Accordion Widget vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Magical Posts Accordion Widget vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Magical Posts Display versions = 1.2.54...

WordPress plugin Magical Posts Display 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

EUVD-2024-36907

Malicious code in bioql PyPI...

EUVD-2025-24688

Malicious code in bioql PyPI...

CVE-2025-54706

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noor Alam Magical Posts Display magical-posts-display allows DOM-Based XSS.This issue affects Magical Posts Display: from n/a through = 1.2.52...

CVE-2025-54706

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noor Alam Magical Posts Display magical-posts-display allows DOM-Based XSS.This issue affects Magical Posts Display: from n/a through = 1.2.52...

CVE-2025-54706 WordPress Magical Posts Display Plugin plugin <= 1.2.52 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noor Alam Magical Posts Display allows DOM-Based XSS. This issue affects Magical Posts Display: from n/a through 1.2.52...

CVE-2025-54706 WordPress Magical Posts Display Plugin plugin <= 1.2.52 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noor Alam Magical Posts Display magical-posts-display allows DOM-Based XSS.This issue affects Magical Posts Display: from n/a through = 1.2.52...

WordPress plugin Magical Posts Display 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

PT-2025-33258 · WordPress · Magical Posts Display

Name of the Vulnerable Software and Affected Versions: Magical Posts Display versions 1.0.0 through 1.2.52 Description: The software contains a DOM-Based Cross-site Scripting issue due to improper neutralization of input during web page generation. Recommendations: Update Magical Posts Display to...

CVE-2024-37951

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Noor alam Magical Posts Display – Elementor & Gutenberg Posts Blocks allows Stored XSS.This issue affects Magical Posts Display – Elementor & Gutenberg Posts Blocks: from n/a through 1.2.38...

CVE-2024-37951

CVE-2024-37951 is a stored Cross‑Site Scripting vulnerability in the WordPress plugin ** Magical Posts Display – Elementor & Gutenberg Posts Blocks**. It affects the product as listed: Magical Posts Display – Elementor & Gutenberg Posts Blocks: from n/a through 1.2.38. The issue arises from impro...

WordPress Magical Posts Display plugin <= 1.2.38 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Magical Posts Display versions = 1.2.38...