CVE-2025-14907 Moderate Selected Posts <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update

The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce verification on the mspadminpage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forg...

CVE-2025-14907

CVE-2025-14907 – Moderate Selected Posts (WordPress) CSRF vulnerability : The WordPress plugin is vulnerable in versions up to 1.4 due to missing nonce verification in the msp_admin_page() function. This enables unauthenticated attackers to modify plugin settings through forged requests if a site...

CVE-2026-0800 User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20251210 - Unauthenticated Stored Cross-Site Scripting via Custom Field

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom fields in all versions up to, and including, 20251210 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2026-0800

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom fields in all versions up to, and including, 20251210 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2026-0800 User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20251210 - Unauthenticated Stored Cross-Site Scripting via Custom Field

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom fields in all versions up to, and including, 20251210 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2026-0800

CVE-2026-0800 affects the WordPress plugin “User Submitted Posts – Enable Users to Submit Posts from the Front End.” The vulnerability is an unauthenticated Stored Cross-Site Scripting via custom fields, exploitable on pages that render an injected field. All versions up to and including 20251210...

CVE-2025-14797

The Same Category Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget title placeholder functionality in all versions up to, and including, 1.1.19. This is due to the use of htmlspecialcharsdecode on taxonomy term names before output, which decodes HTML entities...

CVE-2025-14797

The Same Category Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget title placeholder functionality in all versions up to, and including, 1.1.19. This is due to the use of htmlspecialcharsdecode on taxonomy term names before output, which decodes HTML entities...

CVE-2025-14797 Same Category Posts <= 1.1.19 - Authenticated (Author+) Stored Cross-Site Scripting via Widget Title Placeholder

The Same Category Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget title placeholder functionality in all versions up to, and including, 1.1.19. This is due to the use of htmlspecialcharsdecode on taxonomy term names before output, which decodes HTML entities...

CVE-2025-14797

CVE-2025-14797 is a Stored Cross-Site Scripting (Stored XSS) vulnerability in the WordPress plugin “Same Category Posts” (

CVE-2025-14797 Same Category Posts <= 1.1.19 - Authenticated (Author+) Stored Cross-Site Scripting via Widget Title Placeholder

The Same Category Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget title placeholder functionality in all versions up to, and including, 1.1.19. This is due to the use of htmlspecialcharsdecode on taxonomy term names before output, which decodes HTML entities...

WordPress Moderate Selected Posts plugin <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Moderate Selected Posts versions = 1.4...

CVE-2026-24406

creationtimestamp| type| source ---|---|--- 2026-01-24 01:20:48+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3md52eqfvb52m 2026-01-24 01:20:58+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3md52ezqg6323 2026-01-24 01:33:59+00:00| seen|...

WordPress Same Category Posts plugin <= 1.1.19 - Authenticated (Author+) Stored Cross-Site Scripting via Widget Title Placeholder vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Widget Title Placeholder vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Same Category Posts versions = 1.1.19...

PT-2026-4570

The Same Category Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget title placeholder functionality in all versions up to, and including, 1.1.19. This is due to the use of htmlspecialchars decode on taxonomy term names before output, which decodes HTML entitie...

WordPress plugin User Submitted Posts cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress plugin: “Moderate Selected Posts” – Cross-Site Request Forgery vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

WordPress plugin "Same Category Posts" – Cross-site scripting vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

CVE-2025-52762

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in flexostudio flexo-posts-manager flexo-posts-manager allows Reflected XSS.This issue affects flexo-posts-manager: from n/a through = 1.0001...

CVE-2025-69316

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 TableOn posts-table-filterable allows Reflected XSS.This issue affects TableOn: from n/a through = 1.0.4.2...