14 matches found
CVE-2025-12650
The Simple post listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'classname' parameter in the postlist shortcode in all versions up to, and including, 0.2. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes i...
EUVD-2025-202961
The Simple post listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'classname' parameter in the postlist shortcode in all versions up to, and including, 0.2. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes i...
CVE-2025-12650 Simple post listing <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Simple post listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'classname' parameter in the postlist shortcode in all versions up to, and including, 0.2. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes i...
CVE-2025-12650 Simple post listing <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Simple post listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'classname' parameter in the postlist shortcode in all versions up to, and including, 0.2. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes i...
CVE-2025-12650
CVE-2025-12650 corresponds to a stored cross-site scripting vulnerability in the WordPress plugin “Simple post listing.” The Wordfence report details that all versions up to and including 0.2 are affected due to insufficient input sanitization and output escaping on user-supplied attributes. The ...
WordPress plugin Simple post listing 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Simple post listing plugin <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Simple post listing versions = 0.2...
CVE-2025-7828
The WP Filter & Combine RSS Feeds plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the postlistingpage function in all versions up to, and including, 0.4. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2025-7828
The WP Filter & Combine RSS Feeds plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the postlistingpage function in all versions up to, and including, 0.4. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2025-7828
CVE-2025-7828 affects the WordPress plugin WP Filter & Combine RSS Feeds (versions up to 0.4). Root cause: missing capability check in post_listing_page(), allowing authenticated attackers with Contributor-level access and above to delete feeds (unauthorized modification of data). Public details ...
CVE-2025-7828 WP Filter & Combine RSS Feeds <= 0.4 - Missing Authorization to Authenticated (Contributor+) Feed Deletion
The WP Filter & Combine RSS Feeds plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the postlistingpage function in all versions up to, and including, 0.4. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2025-7828 WP Filter & Combine RSS Feeds <= 0.4 - Missing Authorization to Authenticated (Contributor+) Feed Deletion
The WP Filter & Combine RSS Feeds plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the postlistingpage function in all versions up to, and including, 0.4. This makes it possible for authenticated attackers, with Contributor-level access...
PT-2025-34510 · WordPress · Wp Filter & Combine Rss Feeds
Name of the Vulnerable Software and Affected Versions: WP Filter & Combine RSS Feeds plugin for WordPress versions up to and including 0.4 Description: The WP Filter & Combine RSS Feeds plugin for WordPress is susceptible to unauthorized data modification because of a missing capability check...
Advanced Post Listing Shortcode <= 2.8 - CSRF Bypass
The plugin does not properly check for CSRF in its gettextonomy, getterm and gtpagination methods, allowing attacker to make users call them via a CSRF attack...