3459 matches found
CVE-2025-8080 Alobaidi Captcha <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings
The Alobaidi Captcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2025-8080
CVE-2025-8080 describes a Stored Cross-Site Scripting (XSS) flaw in the WordPress plugin Alobaidi Captcha (versions up to 1.0.3). The issue stems from insufficient input sanitization and output escaping in the plugin settings, enabling - for authenticated users with administrator-level permission...
PT-2025-33464 · WordPress · Alobaidi Captcha
Name of the Vulnerable Software and Affected Versions: Alobaidi Captcha plugin for WordPress versions up to and including 1.0.3 Description: The Alobaidi Captcha plugin for WordPress is susceptible to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the...
MAL-2025-26887 Malicious code in multisite (npm)
The package multisite was found to contain malicious code...
Malicious code in multisite (npm)
The package multisite was found to contain malicious code...
Linux Distros Unpatched Vulnerability : CVE-2014-5019
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related...
CVE-2025-2799
The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tag-name’ parameter in all versions up to, and including, 3.1.49 due to insufficient input sanitization and output escaping. This makes i...
📄 WordPress WP Publications 1.2 Cross Site Scripting
WordPress WP Publication plugin version 1.2 suffers from a persistent cross site scripting vulnerability. Exploit Title: WP Publications WordPress Plugin 1.2 - Stored XSS Google Dork: inurl:/wp-content/plugins/wp-publications/ Date: 2025-07-15 Exploit Author: Zeynalxan Quliyev Vendor Homepage:...
CVE-2025-5275
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the privacy settings fields in all versions up to, and including, 1.8.6.1 due to insufficient input sanitization and output escaping...
CVE-2025-5490
The Football Pool plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...
CVE-2025-3581
The Newsletter WordPress plugin before 8.8.5 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtm...
CVE-2025-3582
CVE-2025-3582 affects the Newsletter WordPress plugin prior to version 8.85. The issue arises from inadequate sanitisation/escaping of Form settings, enabling stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (e.g., multisite). Public sources in the provid...
CVE-2025-3581 Newsletter < 8.8.5 - Admin+ Stored XSS via Widget
The Newsletter WordPress plugin before 8.8.5 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtm...
CVE-2025-49294
Insertion of Sensitive Information Into Sent Data vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator crawlomatic-multipage-scraper-post-generator allows Retrieve Embedded Sensitive Data.This issue affects Crawlomatic Multisite Scraper Post Generator: from n/a through =...
CVE-2025-49293 WordPress Crawlomatic Multisite Scraper Post Generator <= 2.6.8.2 - Broken Access Control Vulnerability
Missing Authorization vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crawlomatic Multisite Scraper Post Generator: from n/a through 2.6.8.2...
WordPress plugin Crawlomatic Multisite Scraper Post Generator 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...
WordPress plugin Crawlomatic Multisite Scraper Post Generator 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...
CVE-2025-3584
The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Crawlomatic Multisite Scraper Post Generator plugin <= 2.6.8.2 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Anhchangmutrang in WordPress Plugin Crawlomatic Multisite Scraper Post Generator versions = 2.6.8.2...
CVE-2025-3584
The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...