122 matches found
WordPress Complag plugin <= 1.0.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Complag versions = 1.0.2...
WordPress Like DisLike Voting plugin <= 1.0.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Like DisLike Voting versions = 1.0.1...
EUVD-2025-202976
The 评论小秘书 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.3.2. This is due to insufficient input sanitization and output escaping on the $SERVER'PHPSELF' variable in the plugin's settings page. This mak...
EUVD-2025-203008
The Complag plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-14138
The WPLG Default Mail From plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-14129
The Like DisLike Voting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-13988
The 评论小秘书 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.3.2. This is due to insufficient input sanitization and output escaping on the $SERVER'PHPSELF' variable in the plugin's settings page. This mak...
CVE-2025-14138 WPLG Default Mail From <= 1.0.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The WPLG Default Mail From plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-14138 WPLG Default Mail From <= 1.0.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The WPLG Default Mail From plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-13988
CVE-2025-13988 refers to the WordPress plugin 评论小秘书 (Comments Secretary). It is a Reflected Cross‑Site Scripting vulnerability via the $_SERVER['PHP_SELF'] variable in all versions up to and including 1.3.2, caused by insufficient input sanitization and output escaping on the plugin’s settings pa...
CVE-2025-14125
CVE-2025-14125 (Complag plugin, WordPress) : Reflected XSS via $_SERVER['PHP_SELF'] in Complag versions up to 1.0.2. Root cause: insufficient input sanitization and lack of output escaping. Impact: unauthenticated attackers can inject web scripts into pages that run when a user is tricked into cl...
CVE-2025-14125 Complag <= 1.0.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The Complag plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-14125 Complag <= 1.0.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The Complag plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
PT-2025-50856
The WPLG Default Mail From plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $ SERVER'PHP SELF' variable in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...
PT-2025-50855
The Simple AL Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $ SERVER'PHP SELF' variable in all versions up to, and including, 1.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-13626
The myLCO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 0.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-13515
The Nouri.sh Newsletter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 1.0.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-13894 CSV Sumotto <= 1.0 - Reflected Cross-Site Scripting
The CSV Sumotto plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-13626
The CVE-2025-13626 entry concerns the WordPress plugin myLCO (versions up to and including 0.8.1) with a Reflected Cross-Site Scripting (XSS) vulnerability via $_SERVER['PHP_SELF'] due to insufficient input sanitization and output escaping. Unauthenticated attackers can potentially inject arbitra...
CVE-2025-13515 Nouri.sh Newsletter <= 1.0.1.3 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The Nouri.sh Newsletter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 1.0.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...