377 matches found
CVE-2026-0561 Shield Security <= 21.0.8 - Unauthenticated Reflected Cross-Site Scripting via 'message' Parameter
The Shield Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 21.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...
CVE-2026-0561
CVE-2026-0561 affects the Shield Security plugin for WordPress up to version 21.0.8. It enables unauthenticated, reflected Cross-Site Scripting via the 'message' parameter due to insufficient input sanitization and output escaping. The impact is described as injecting arbitrary web scripts on pag...
WordPress plugin Shield Security 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-20627
The Shield Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 21.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...
CVE-2025-6460
The Display During Conditional Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-6460
The Display During Conditional Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-6460
CVE-2025-6460 relates to the WordPress plugin Display During Conditional Shortcode. The vulnerability is a stored cross-site scripting (XSS) via the message parameter in all versions up to and including 1.2, enabling authenticated users with Contributor+ privileges to inject scripts that execute ...
CVE-2025-6460 Display During Conditional Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via message Parameter
The Display During Conditional Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-6460 Display During Conditional Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via message Parameter
The Display During Conditional Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2026-20258
Name of the Vulnerable Software and Affected Versions Display During Conditional Shortcode plugin for WordPress versions prior to 1.3 Description The software is susceptible to Stored Cross-Site Scripting through the message parameter. Insufficient input sanitization and output escaping allow...
WordPress Display During Conditional Shortcode plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via message Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via message Parameter vulnerability discovered by Gilang - DJ in WordPress Plugin Display During Conditional Shortcode versions = 1.2...
CVE-2026-1164
The Easy Voice Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...
CVE-2026-1164
The Easy Voice Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...
CVE-2026-1164
CVE-2026-1164 describes a Stored Cross-Site Scripting vulnerability in the WordPress plugin Easy Voice Mail (versions up to and including 1.2.5). An authenticated attacker with at least Administrator-level access can inject arbitrary scripts via the message parameter, which are executed when user...
CVE-2026-1164 Easy Voice Mail <= 1.2.5 - Unauthenticated Stored Cross-Site Scripting via 'message'
The Easy Voice Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...
CVE-2026-1164 Easy Voice Mail <= 1.2.5 - Unauthenticated Stored Cross-Site Scripting via 'message'
The Easy Voice Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...
PT-2026-8049
The Easy Voice Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...
CVE-2025-70954
A Null Pointer Dereference vulnerability exists in the TON Virtual Machine TVM within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, where the program fails to validate if a specific pointer is null before accessing it. By sending a...
CVE-2026-0743
The WP Content Permission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ohmem-message' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-0743 WP Content Permission <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ohmem-message' Parameter
The WP Content Permission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ohmem-message' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...