23 matches found
CVE-2025-12710
The Pet-Manager – Petfinder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kwm-petfinder shortcode in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
EUVD-2025-198113
The Pet-Manager – Petfinder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kwm-petfinder shortcode in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
CVE-2025-12710
The Pet-Manager – Petfinder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kwm-petfinder shortcode in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
CVE-2025-12710 Pet-Manager – Petfinder <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via kwm-petfinder Shortcode
The Pet-Manager – Petfinder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kwm-petfinder shortcode in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
CVE-2025-12710
CVE-2025-12710 affects the WordPress plugin Pet-Manager – Petfinder (tier-management-petfinder) up to version 3.6.1. It is a Stored Cross‑Site Scripting vulnerability via the kwm-petfinder shortcode caused by insufficient input sanitization and output escaping of user-supplied attributes. Exploit...
CVE-2025-12710 Pet-Manager – Petfinder <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via kwm-petfinder Shortcode
The Pet-Manager – Petfinder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kwm-petfinder shortcode in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
PT-2025-47431
The Pet-Manager – Petfinder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kwm-petfinder shortcode in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
WordPress plugin Pet-Manager 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...
WordPress Pet-Manager – Petfinder plugin <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via kwm-petfinder Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via kwm-petfinder Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Pet-Manager – Petfinder versions = 3.6.1...
EUVD-2022-15779
Malicious code in bioql PyPI...
CVE-2022-0702
The Petfinder Listings WordPress plugin through 1.0.18 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
WordPress Petfinder Listings plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. WordPress Petfinder Listings plugin 1.0.18 and earlier versions are vulnerable to a cross-site scripting vulnerability that stems from the...
CVE-2022-0702
The Petfinder Listings WordPress plugin through 1.0.18 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-0702
The Petfinder Listings WordPress plugin through 1.0.18 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-0702
The Petfinder Listings WordPress plugin through 1.0.18 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
Cross site scripting
The Petfinder Listings WordPress plugin through 1.0.18 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-0702
CVE-2022-0702 affects the WordPress Petfinder Listings plugin up to version 1.0.18 (and reported through 1.0.19 by PatchStack). The vulnerability stems from not escaping the plugin’s settings, enabling stored Cross-Site Scripting (XSS) by high-privilege users (e.g., admins) even when unfiltered_h...
CVE-2022-0702 Petfinder Listings <= 1.0.18 - Admin+ Stored Cross-Site Scripting
The Petfinder Listings WordPress plugin through 1.0.18 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
WordPress plugin 跨站脚本漏洞
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. WordPress Petfinder Listings plugin 1.0.18 and earlier versions are vulnerable to a cross-site scripting vulnerability that stems from the...
Petfinder Listings < 1.1 - Admin+ Stored Cross-Site Scripting
The plugin does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in any of the text field settings of the plugin such as 'Your Petfinder API Key v1.0': "...