6 matches found
CVE-2025-12965
The Magical Posts Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpactitletag' parameter in the Magical Posts Accordion widget in all versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping on user-supplied HTML tag name...
CVE-2025-12965
The Magical Posts Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpactitletag' parameter in the Magical Posts Accordion widget in all versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping on user-supplied HTML tag name...
CVE-2025-12965
CVE-2025-12965 refers to the Magical Posts Display – Elementor Advanced Posts widgets plugin. The Wordfence intelligence entry confirms a stored XSS via the mpac_title_tag parameter in the Magical Posts Accordion widget, affecting all versions up to and including 1.2.54. Root cause: insufficient ...
EUVD-2025-203075
The Magical Posts Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpactitletag' parameter in the Magical Posts Accordion widget in all versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping on user-supplied HTML tag name...
CVE-2025-12965 Magical Posts Display <= 1.2.54 - Authenticated (Author+) Stored Cross-Site Scripting via Magical Posts Accordion Widget
The Magical Posts Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpactitletag' parameter in the Magical Posts Accordion widget in all versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping on user-supplied HTML tag name...
PT-2025-50922
The Magical Posts Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpac title tag' parameter in the Magical Posts Accordion widget in all versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping on user-supplied HTML tag...