3 matches found
PT-2025-33719 · WordPress · Contactmanager
Name of the Vulnerable Software and Affected Versions: Contact Manager plugin for WordPress versions prior to 8.6.6 Description: The Contact Manager plugin for WordPress is susceptible to Stored Cross-Site Scripting via the title parameter. Insufficient input sanitization and output escaping allo...
PT-2025-12560 · WordPress · Metaslider
Name of the Vulnerable Software and Affected Versions: The Slider, Gallery, and Carousel by MetaSlider WordPress plugin versions prior to 3.95.0 Description: The issue allows high privilege users, such as editors, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html...
Class-Name Injection
Tested on 1.8.0-beta-5 In safe mode with html markup disabled, it is possible to insert any classname into a code block like this: \js any-class-name with spaces code \ renders as: code infostring needs some cleanup here:...