17 matches found
EUVD-2026-32737
The Easy Updates Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in versions up to, and including, 9.0.20 This is due to insufficient input sanitization and output escaping in the pagination function. This makes it possible for attackers to...
CVE-2026-7660 Easy Updates Manager <= 9.0.20 - Reflected Cross-Site Scripting via 'paged' Parameter
The Easy Updates Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in versions up to, and including, 9.0.20 This is due to insufficient input sanitization and output escaping in the pagination function. This makes it possible for attackers to...
CVE-2026-7660
The Easy Updates Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in versions up to, and including, 9.0.20 This is due to insufficient input sanitization and output escaping in the pagination function. This makes it possible for attackers to...
CVE-2026-7660 Easy Updates Manager <= 9.0.20 - Reflected Cross-Site Scripting via 'paged' Parameter
The Easy Updates Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in versions up to, and including, 9.0.20 This is due to insufficient input sanitization and output escaping in the pagination function. This makes it possible for attackers to...
CVE-2026-7660
The CVE concerns the Easy Updates Manager WordPress plugin (up to version 9.0.20). It is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter due to insufficient input sanitization and output escaping in the pagination() function, enabling injected scripts to run in pages when a...
PT-2026-44205
The Easy Updates Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in versions up to, and including, 9.0.20 This is due to insufficient input sanitization and output escaping in the pagination function. This makes it possible for attackers to...
CVE-2025-12580
The SMS for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-12580
The SMS for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-12580 SMS for WordPress <= 1.1.8 - Reflected Cross-Site Scripting
The SMS for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-12580
CVE-2025-12580 concerns the WordPress plugin SMS for WordPress (sms4wp). It describes a Reflected Cross-Site Scripting vulnerability via the paged parameter in all versions up to and including 1.1.8, caused by insufficient input sanitization and output escaping. The vulnerability is exploitable b...
CVE-2025-12580 SMS for WordPress <= 1.1.8 - Reflected Cross-Site Scripting
The SMS for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
PT-2025-45068
Name of the Vulnerable Software and Affected Versions SMS for WordPress plugin versions up to and including 1.1.8 Description The SMS for WordPress plugin is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows unauthenticated attacke...
WordPress plugin SMS 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
PT-2019-13989 · Modern Tribe · The Events Calendar
Name of the Vulnerable Software and Affected Versions: the-events-calendar plugin versions prior to 4.8.2 Description: The issue is related to a Cross-Site Scripting XSS flaw. The tribe paged URL parameter is vulnerable to XSS attacks. Recommendations: For versions prior to 4.8.2, update to versi...
WordPress Thank You Counter Button Plugin <= 1.8.2 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Vulnerable parameter is "paged". Solution Update plugin...
WordPress 2.0.2 - 2.0.4 Paged Parameter SQL Injection
...
DEBIAN-CVE-2006-3389
index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message. NOTE: this issue has been disputed by a third party who states that the issue does not leak any...