CVE-2026-8726

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

WordPress plugin News Articles 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress News Articles plugin <= 1.0.0 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin News Articles versions = 1.0.0...

WordPress News Articles Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software News Articles Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51897 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b2e622b9d30c Credits SOPROBRO Required privilege Contributor...