8338 matches found
CVE-2025-2540
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled prettyPhoto library version 3.1.6 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...
CVE-2024-5647
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Magnific Popups library version 1.1.0 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
OESA-2025-1705 gstreamer1-plugins-good security update
Security Fixes: CVE-2025-47219...
CVE-2025-2537
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled ThickBox JavaScript library version 3.1 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 23, 2025 to June 29, 2025)
Calling all Vulnerability Researchers and Bug Bounty Hunters! Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Bounties up to $31,200 per...
CVE-2025-2537
CVE-2025-2537 involves Stored DOM-Based Cross-Site Scripting via the ThickBox JavaScript library (v3.1) in multiple WordPress plugins. The description and connected sources confirm an authenticated attacker with contributor-level access can inject scripts into pages, which execute for users visit...
CVE-2025-2537 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled ThickBox JavaScript library version 3.1 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-2540
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled prettyPhoto library version 3.1.6 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...
CVE-2025-2540
CVE-2025-2540 covers a class of stored DOM-based Cross-Site Scripting flaws in WordPress plugins that bundle the prettyPhoto JavaScript library (v3.1.6). The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, enabling authenticated attackers with co...
CVE-2025-2540 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via prettyPhoto JavaScript Library
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled prettyPhoto library version 3.1.6 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...
CVE-2024-5647
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Magnific Popups library version 1.1.0 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
CVE-2024-5647 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Magnific Popups library version 1.1.0 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
CVE-2024-5647
The CVE-2024-5647 entry documents a Stored DOM‑Based Cross‑Site Scripting vulnerability arising from the Magnific Popup JavaScript library (version 1.1.0) bundled in multiple WordPress plugins (e.g., Robo Gallery, Gutentor, Shortcodes Ultimate, Happy Addons, Divi, etc.). The issue requires authen...
CVE-2024-5647 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Magnific Popups library version 1.1.0 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
PT-2025-27796 · WordPress +1 · Wordpress +1
Name of the Vulnerable Software and Affected Versions: WordPress plugins affected versions not specified Description: The issue is related to Stored Cross-Site Scripting via the plugin's bundled ThickBox JavaScript library. Insufficient input sanitization and output escaping on user-supplied...
WordPress Multiple Products Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A cross-site scripting vulnerabilit...
AlmaLinux 9 : gstreamer1-plugins-good (ALSA-2025:7242)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:7242 advisory. gstreamer1-plugins-good: OOB-read in qtdemuxparsecontainer CVE-2024-47543 gstreamer1-plugins-good: GStreamer has an OOB-read in gstavisubtitleparsegab2chu...
AlmaLinux 9 : gstreamer1-plugins-base (ALSA-2025:7243)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:7243 advisory. gstreamer1-plugins-base: ID3v2 parser out-of-bounds read and NULL-pointer dereference CVE-2024-47542 gstreamer1-plugins-base: GStreamer has an out-of-boun...