5 matches found
CVE-2025-1454
The Ninja Pages WordPress plugin through 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-1454 Ninja Pages <= 1.4.2 - Admin+ Stored XSS
The Ninja Pages WordPress plugin through 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-1454 Ninja Pages <= 1.4.2 - Admin+ Stored XSS
The Ninja Pages WordPress plugin through 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-1454
CVE-2025-1454 refers to the WordPress Ninja Pages plugin (versions
PT-2025-21564 · WordPress · Ninja Pages
Name of the Vulnerable Software and Affected Versions: Ninja Pages plugin for WordPress versions 1.4.2 and earlier Description: The issue concerns the Ninja Pages WordPress plugin, which does not properly sanitize and escape some of its settings. This could allow high-privilege users, such as...