WordPress Category Posts Widget plugin < 4.9.18 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Category Posts Widget versions 4.9.18...

CVE-2024-11282

The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that...

WordPress Same but Different – Related Posts by Taxonomy plugin <= 1.0.16 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Same but Different – Related Posts by Taxonomy versions = 1.0.16...

CVE-2024-9638

The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-9638

The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-9638 Category Posts Widget < 4.9.18 - Admin+ Stored XSS

The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-9638 Category Posts Widget < 4.9.18 - Admin+ Stored XSS

The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-9638

CVE-2024-9638 affects Category Posts Widget for WordPress (Category Posts Widget) up to version 4.9.17. The issue is improper sanitization/escaping of widget settings, enabling stored XSS by high-privilege users (e.g., Admin) even when unfiltered_html is disallowed (e.g., multisite). The root cau...

CVE-2024-12288

The CVE-2024-12288 entry concerns the WordPress plugin Simple add pages or posts. Connected Red Hat advisory RH:CVE-2024-12288 confirms a Cross-Site Request Forgery vulnerability in this plugin, arising from missing nonce validation, enabling unauthenticated attackers to update settings and injec...

CVE-2024-43096

creationtimestamp| type| source ---|---|--- 2025-01-07 04:09:13+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3lf4ro76fzm2x 2025-01-07 06:46:18+00:00| seen| https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3lf52h3ciws26 2025-01-07 09:47:29+00:00| seen|...

CVE-2025-22395

creationtimestamp| type| source ---|---|--- 2025-01-07 03:01:49+00:00| seen| https://infosec.exchange/users/cve/statuses/113784842334985507 2025-01-07 03:15:24+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4onxu4em2c 2025-01-07 03:38:00+00:00| seen|...

PT-2025-1645 · WordPress · Same But Different – Related Posts By Taxonomy

Name of the Vulnerable Software and Affected Versions: Same but Different – Related Posts by Taxonomy plugin for WordPress versions up to, and including, 1.0.16 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg and remove query arg without...

PT-2025-3730 · WordPress · Category Posts Widget

Name of the Vulnerable Software and Affected Versions: Category Posts Widget WordPress plugin versions prior to 4.9.18 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is...

WordPress plugin Category Posts Widget 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

WordPress plugin Member Access 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...

WordPress Simple add pages or posts plugin <= 2.0.0 - Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Simple Add Pages or Posts versions = 2.0.0...

CVE-2025-21613

creationtimestamp| type| source ---|---|--- 2025-01-06 17:16:40+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf3n7ej2uw22 2025-01-06 17:49:11+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/113782669240994944 2025-01-06 19:26:23+00:00| seen|...

CVE-2024-13145

creationtimestamp| type| source ---|---|--- 2025-01-06 00:37:51+00:00| seen| https://infosec.exchange/users/cve/statuses/113778614006646037 2025-01-06 01:15:24+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lezxihyv4t25 2025-01-06 01:37:35+00:00| seen|...

GHSA-5JH2-6V7C-86VJ

creationtimestamp| type| source ---|---|--- 2025-01-05 01:30:25+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/35 2025-01-05 01:32:15+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/50 2025-01-05 01:34:55+00:00| published-proof-of-concept|...

CVE-2024-11733

The The WordPress Popular Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possib...