EUVD-2025-32266
The TableGen – Data Table Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-10053 TableGen – Data Table Generator <= 1.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting
The TableGen – Data Table Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-9332
CVE-2025-9332 involves the WordPress plugin Interactive Human Anatomy with Clickable Body Parts (vulnerable up to and including 2.6). The issue is a stored XSS triggered by insufficient input sanitization and output escaping in admin settings, exploitable by authenticated attackers with administr...
EUVD-2025-32276
The Interactive Human Anatomy with Clickable Body Parts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
CVE-2025-9332 Interactive Medical Drawing of Human Body <= 2.6 - Authenticated (Admin+) Stored Cross-Site Scripting
The Interactive Human Anatomy with Clickable Body Parts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
CVE-2025-9333 Smart Docs <= 1.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting
The Smart Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2025-9333
CVE-2025-9333 affects the WordPress plugin Smart Docs. The vulnerability is a Stored Cross-Site Scripting flaw in admin settings for versions up to and including 1.1.1, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access with administrator-lev...
PT-2025-40496
Name of the Vulnerable Software and Affected Versions: The Ultimate Multi Design Video Carousel plugin for WordPress versions prior to 1.5. Description: The software is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows authenticated...
PT-2025-40466
Name of the Vulnerable Software and Affected Versions: TableGen – Data Table Generator plugin for WordPress versions prior to 1.3.2. Description: The software is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allow authenticated...
PT-2025-40495
The Smart Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
Discourse < 3.5.1 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...
CVE-2025-59337
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, malicious meta-commands could be embedded in a backup dump and executed during restore. In multisite setups, this allowed an admin of one site to access data or credentials from other sites. This issue is fixe...
CVE-2025-59337 Discourse: Cross-Site Data Exposure via Backup Restore Metacommand Injection in Multisite Deployments
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, malicious meta-commands could be embedded in a backup dump and executed during restore. In multisite setups, this allowed an admin of one site to access data or credentials from other sites. This issue is fixe...
CVE-2025-59337
Summary: CVE-2025-59337 affects Discourse prior to 3.5.1. In versions 3.5.0 and below, malicious meta-commands could be embedded in a backup dump and executed during restore, enabling an admin of one multisite deployment to access data or credentials from other sites. Root cause: backup restorati...
CVE-2025-6815
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘servicename’ parameter in all versions up to, and including, 5.1.94 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2025-40301
Name of the Vulnerable Software and Affected Versions: Discourse versions 3.5.0 and below. Description: Discourse is a community discussion platform. A flaw exists where malicious meta-commands could be placed within a backup dump and then executed during the restore process. In environments with...