365 matches found
CVE-2026-57758
Unauthenticated Cross Site Request Forgery CSRF in Permalink Manager for WooCommerce = 1.0.8.2 versions...
CVE-2026-57758
Unauthenticated Cross Site Request Forgery CSRF in Permalink Manager for WooCommerce = 1.0.8.2 versions...
CVE-2026-57758 WordPress Permalink Manager for WooCommerce plugin <= 1.0.8.2 - CSRF to Stored XSS vulnerability
Unauthenticated Cross Site Request Forgery CSRF in Permalink Manager for WooCommerce = 1.0.8.2 versions...
EUVD-2026-41314
Unauthenticated Cross Site Request Forgery CSRF in Permalink Manager for WooCommerce = 1.0.8.2 versions...
CVE-2026-57758
CVE-2026-57758 corresponds to an unauthenticated CSRF in the WordPress Permalink Manager for WooCommerce plugin, affecting versions
WordPress Permalink Manager for WooCommerce plugin <= 1.0.8.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by dodoh4t in WordPress Plugin Permalink Manager for WooCommerce versions = 1.0.8.3...
PT-2026-55046
Name of the Vulnerable Software and Affected Versions Permalink Manager for WooCommerce versions prior to 1.0.8.3 Description An unauthenticated Cross Site Request Forgery CSRF issue exists, which can lead to Stored Cross-Site Scripting XSS. CSRF is a flaw that allows an attacker to trick a victi...
CVE-2026-8494
The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in the admin URI Editor interface in all versions up to, and including, 2.5.3.3 due to insufficient output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-8494
CVE-2026-8494 concerns the WordPress plugin Permalink Manager Lite (affected versions up to 2.5.3.3). The issue is a Stored Cross-Site Scripting (XSS) flaw in the admin URI Editor interface, triggered by crafted post titles due to insufficient output escaping. Affected condition requires an attac...
CVE-2026-8494 Permalink Manager Lite <= 2.5.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title
The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in the admin URI Editor interface in all versions up to, and including, 2.5.3.3 due to insufficient output escaping. This makes it possible for authenticated attackers, with...
EUVD-2026-36141
Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice...
CVE-2026-53740
Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice...
CVE-2026-53740 Yoast Duplicate Post through 4.6 Stored Cross-Site Scripting via Scheduled Republish Notice
Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice...
CVE-2026-53740
The CVE-2026-53740 entry describes a stored cross-site scripting flaw in Yoast Duplicate Post (through 4.6) where an unescaped post title and permalink is injected into the Classic Editor scheduled republish notice. Attackers can craft a title to cause script execution when an administrator views...
CVE-2026-5347
The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admininit hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php...
WordPress Premmerce Permalink Manager for WooCommerce plugin <= 2.3.11 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Premmerce Permalink Manager for WooCommerce versions = 2.3.11...
CVE-2026-5347
The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admininit hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php...
EUVD-2026-25398
The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admininit hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php...
CVE-2026-5347 WP Books Gallery <= 4.8.0 - Missing Authorization to Unauthenticated Settings Update via 'permalink_structure' Parameter
The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admininit hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php...
CVE-2026-5347
The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admininit hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php...