24 matches found
CVE-2025-13856
The Extra Post Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the extra-images shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
CVE-2025-13856
The Extra Post Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the extra-images shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
CVE-2025-13856
CVE-2025-13856 relates to the WordPress plugin Extra Post Images prior to a fixed version. The vulnerability is a stored cross-site scripting (XSS) via the id parameter of the extra-images shortcode, affecting all versions up to 1.0. Exploitation requires authenticated access at Contributor level...
CVE-2025-13856 Extra Post Images <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Extra Post Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the extra-images shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
CVE-2025-13856 Extra Post Images <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Extra Post Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the extra-images shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
WordPress Extra Post Images plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Extra Post Images versions = 1.0...
PT-2025-49346
The Extra Post Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the extra-images shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
WordPress plugin Extra Post Images 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
EUVD-2025-12006
Malicious code in bioql PyPI...
CVE-2025-58255
Cross-Site Request Forgery CSRF vulnerability in yonisink Custom Post Type Images custom-post-types-image allows Code Injection.This issue affects Custom Post Type Images: from n/a through = 0.5...
CVE-2025-46536
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RichardHarrison Carousel-of-post-images carousel-of-post-images allows DOM-Based XSS.This issue affects Carousel-of-post-images: from n/a through = 1.07...
WordPress Carousel-of-post-images plugin <= 1.07 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by johska in WordPress Plugin Carousel-of-post-images versions = 1.07...
CVE-2025-46536
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RichardHarrison Carousel-of-post-images carousel-of-post-images allows DOM-Based XSS.This issue affects Carousel-of-post-images: from n/a through = 1.07...
CVE-2025-46536
CVE-2025-46536 affects the WordPress plugin Carousel-of-post-images up to version 1.07, caused by improper input neutralization during web page generation, enabling DOM-based XSS. Public details in initial and connected sources confirm the affected software and XSS nature; no patched version is c...
CVE-2025-46536 WordPress Carousel-of-post-images plugin <= 1.07 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RichardHarrison Carousel-of-post-images carousel-of-post-images allows DOM-Based XSS.This issue affects Carousel-of-post-images: from n/a through = 1.07...
CVE-2025-46536 WordPress Carousel-of-post-images plugin <= 1.07 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RichardHarrison Carousel-of-post-images carousel-of-post-images allows DOM-Based XSS.This issue affects Carousel-of-post-images: from n/a through = 1.07...
PT-2025-17837 · Richardharrison · Carousel-Of-Post-Images
Name of the Vulnerable Software and Affected Versions: RichardHarrison Carousel-of-post-images versions 1.07 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This means tha...
WordPress plugin Carousel-of-post-images 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Invoke 输入验证错误漏洞
Invoke is a leading creative engine for stabilizing diffusion models open-sourced by InvokeAI. An input validation error vulnerability exists in Invoke version v5.0.2, which stems from an arbitrary file deletion vulnerability in the POST /api/v1/images/delete API...
CVE-2023-2562
The Gallery Metabox for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the refreshmetabox function in versions up to, and including, 1.5. This makes it possible for subscriber-level attackers to obtain a list of images attached to a post...