4 matches found
CVE-2025-12151
The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'portfolioname' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-12151
The CVE-2025-12151 entry concerns the WordPress Simple Folio plugin. Multiple sources confirm a Stored Cross-Site Scripting (XSS) vulnerability in all versions up to and including 1.1.0, exploitable by authenticated attackers with Subscriber-level access and above via the portfolio_name parameter...
CVE-2025-12151 Simple Folio <= 1.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting
The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'portfolioname' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...
PT-2025-48226
The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'portfolio name' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...