PT-2026-41454

Name of the Vulnerable Software and Affected Versions Cookie Law Bar version 1.2.1 Description A stored cross-site scripting issue allows authenticated attackers to inject malicious scripts by submitting unsanitized input to the 'Bar Message' field. These script payloads are injected through the...

CVE-2021-24597

The You Shang WordPress plugin through 1.0.1 does not escape its qrcode links settings, which result into Stored Cross-Site Scripting issues in frontend posts and the plugins settings page depending on the payload used...

CVE-2025-4127

The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Price Range’ parameter in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-4127

CVE-2025-4127 affects the WP SEO Structured Data Schema WordPress plugin. Versiones up to 2.7.11 are vulnerable to a Stored Cross-Site Scripting (XSS) via the Price Range parameter due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at Contributo...

Picture Gallery < 1.4.4 - Authenticated Stored XSS

The plugin does not properly sanitize input on a field found in the plugin's settings page, leading to a stored cross site scripting risk where authenticated users can target other authenticated users. PoC Enter a XSS payload like " in the "Content URL" field found on the plugin's Settings -...

CVE-2021-24196 Social Slider Widget < 1.8.5 - Authenticated Reflected Cross-Site Scripting (XSS)

The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘tokenerror’ parameter can be controlled by users and it is directly echoed without being sanitized...