224 matches found
CVE-2026-42649
Unauthenticated Cross Site Scripting XSS in Favicon Rotator = 1.2.11 versions...
CVE-2026-42649
CVE-2026-42649 concerns the WordPress plugin Favicon Rotator (versions
EUVD-2026-36817
Unauthenticated Cross Site Scripting XSS in Favicon Rotator = 1.2.11 versions...
CVE-2026-42649 WordPress Favicon Rotator plugin <= 1.2.11 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Favicon Rotator = 1.2.11 versions...
CVE-2026-42649 WordPress Favicon Rotator plugin <= 1.2.11 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Favicon Rotator = 1.2.11 versions...
PT-2026-49443
Unauthenticated Cross Site Scripting XSS in Favicon Rotator = 1.2.11 versions...
WordPress Favicon Rotator plugin <= 1.2.11 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin Favicon Rotator versions = 1.2.11...
CVE-2026-6725
The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcsmtextrotator shortcode in all versions up to, and including, 4.2.8. This is due to insufficient input sanitization and output escaping on user supplied...
CVE-2026-6725 WPC Smart Messages for WooCommerce <= 4.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute
The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcsmtextrotator shortcode in all versions up to, and including, 4.2.8. This is due to insufficient input sanitization and output escaping on user supplied...
CVE-2026-6725 WPC Smart Messages for WooCommerce <= 4.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute
The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcsmtextrotator shortcode in all versions up to, and including, 4.2.8. This is due to insufficient input sanitization and output escaping on user supplied...
PT-2026-35659
The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcsm text rotator shortcode in all versions up to, and including, 4.2.8. This is due to insufficient input sanitization and output escaping on user supplied...
WordPress Testimonial Grid and Testimonial Slider plus Carousel with Rotator Widget plugin <= 3.5.6 - Backdoor vulnerability
Backdoor vulnerability discovered by ? in WordPress Plugin Testimonial Grid and Testimonial Slider plus Carousel with Rotator Widget versions = 3.5.6...
CVE-2026-28112
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup AllInOne - Banner Rotator all-in-one-bannerRotator allows Reflected XSS.This issue affects AllInOne - Banner Rotator: from n/a through = 3.8...
EUVD-2026-9765
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup AllInOne - Banner Rotator all-in-one-bannerRotator allows Reflected XSS.This issue affects AllInOne - Banner Rotator: from n/a through = 3.8...
CVE-2026-28112
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup AllInOne - Banner Rotator all-in-one-bannerRotator allows Reflected XSS.This issue affects AllInOne - Banner Rotator: from n/a through = 3.8...
CVE-2026-28112
CVE-2026-28112 describes a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin AllInOne - Banner Rotator (also listed as all-in-one-bannerRotator). The issue affects versions
CVE-2026-28112 WordPress AllInOne - Banner Rotator plugin <= 3.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup AllInOne - Banner Rotator all-in-one-bannerRotator allows Reflected XSS.This issue affects AllInOne - Banner Rotator: from n/a through = 3.8...
CVE-2026-28112 WordPress AllInOne - Banner Rotator plugin <= 3.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup AllInOne - Banner Rotator all-in-one-bannerRotator allows Reflected XSS.This issue affects AllInOne - Banner Rotator: from n/a through = 3.8...
CVE-2026-28112
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup AllInOne - Banner Rotator all-in-one-bannerRotator allows Reflected XSS.This issue affects AllInOne - Banner Rotator: from n/a through = 3.8...
WordPress plugin AllInOne - Banner Rotator 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...