CVE-2024-13721 Plethora Plugins Tabs + Accordions <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via anchor

The Plethora Plugins Tabs + Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the anchor parameter in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-13721 Plethora Plugins Tabs + Accordions <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via anchor

The Plethora Plugins Tabs + Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the anchor parameter in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-13721

CVE-2024-13721 affects the Plethora Plugins Tabs + Accordions WordPress plugin (versions

WordPress plugin Plethora Plugins Tabs + Accordions 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-2257 · WordPress · Plethora Plugins Tabs + Accordions

Name of the Vulnerable Software and Affected Versions: Plethora Plugins Tabs + Accordions plugin for WordPress versions up to, and including, 1.1.8 Description: The issue is related to Stored Cross-Site Scripting via the anchor parameter due to insufficient input sanitization and output escaping...

PT-2025-1603 · WordPress · The Quiz Maker Business +2

Name of the Vulnerable Software and Affected Versions: The Quiz Maker Business, Developer, and Agency plugins for WordPress versions 8.8.0 and earlier Business The Quiz Maker Business, Developer, and Agency plugins for WordPress versions 21.8.0 and earlier Developer The Quiz Maker Business,...

CVE-2025-24709

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Plethora Plugins Plethora Plugins Tabs + Accordions plethora-tabs-accordions allows Stored XSS.This issue affects Plethora Plugins Tabs + Accordions: from n/a through = 1.1.5...

CVE-2025-24703

Server-Side Request Forgery SSRF vulnerability in Ronald Huereca Comment Edit Core – Simple Comment Editing simple-comment-editing allows Server Side Request Forgery.This issue affects Comment Edit Core – Simple Comment Editing: from n/a through = 3.0.33...

CVE-2025-24726 WordPress Contact Form 7 Widget plugin <= 1.2.1 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HT Plugins HT Contact Form 7 ht-contactform allows Stored XSS.This issue affects HT Contact Form 7: from n/a through = 1.2.1...

CVE-2025-24703 WordPress Comment Edit Core – Simple Comment Editing Plugin <= 3.0.33 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in DLX Plugins Comment Edit Core – Simple Comment Editing allows Server Side Request Forgery. This issue affects Comment Edit Core – Simple Comment Editing: from n/a through 3.0.33...

CVE-2025-24709

CVE-2025-24709: Stored XSS in Plethora Plugins Tabs + Accordions (

CVE-2025-24709 WordPress Plethora Plugins Tabs + Accordions plugin <= 1.1.5 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Plethora Plugins Plethora Plugins Tabs + Accordions plethora-tabs-accordions allows Stored XSS.This issue affects Plethora Plugins Tabs + Accordions: from n/a through = 1.1.5...

WordPress Plethora Plugins Tabs + Accordions plugin <= 1.1.5 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Plethora Plugins Tabs + Accordions versions = 1.1.5...

CVE-2024-13354

The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML tags in several widgets in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. Thi...

PT-2025-5523 · Unknown · Plethora Plugins Tabs + Accordions

Name of the Vulnerable Software and Affected Versions: Plethora Plugins Tabs + Accordions versions 1.1.5 and earlier Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...

WordPress plugin Plethora Plugins Tabs + Accordions 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2024-52329

ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens...

ECOVACS HOME mobile app plugins 信任管理问题漏洞

The ECOVACS HOME mobile app plugins is a mobile app plugin from ECOVACS, China. A security vulnerability exists in the ECOVACS HOME mobile app plugins that stems from the mobile app plugin not properly validating TLS certificates. An unauthenticated attacker could read or modify TLS traffic and...

Jenkins plugins Multiple Vulnerabilities (2025-01-22)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins OpenId Connect Authentication Plugin 4.452.v2849bd3945fa and earlier, except 4.438.440.v3f5f201de5dc, treats usernames as...

PT-2025-2634 · Ibm · Bigfix Patch Download Plug-Ins

Name of the Vulnerable Software and Affected Versions: BigFix Patch Download Plug-ins affected versions not specified Description: The issue concerns a path traversal vulnerability. This could allow operators to download files from a local repository that is vulnerable to path traversal attacks...