8 matches found
CVE-2025-14797
The Same Category Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget title placeholder functionality in all versions up to, and including, 1.1.19. This is due to the use of htmlspecialcharsdecode on taxonomy term names before output, which decodes HTML entities...
CVE-2025-14797
The Same Category Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget title placeholder functionality in all versions up to, and including, 1.1.19. This is due to the use of htmlspecialcharsdecode on taxonomy term names before output, which decodes HTML entities...
CVE-2025-14797
CVE-2025-14797 is a Stored Cross-Site Scripting (Stored XSS) vulnerability in the WordPress plugin “Same Category Posts” (
CVE-2025-14797 Same Category Posts <= 1.1.19 - Authenticated (Author+) Stored Cross-Site Scripting via Widget Title Placeholder
The Same Category Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget title placeholder functionality in all versions up to, and including, 1.1.19. This is due to the use of htmlspecialcharsdecode on taxonomy term names before output, which decodes HTML entities...
CVE-2025-14797 Same Category Posts <= 1.1.19 - Authenticated (Author+) Stored Cross-Site Scripting via Widget Title Placeholder
The Same Category Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget title placeholder functionality in all versions up to, and including, 1.1.19. This is due to the use of htmlspecialcharsdecode on taxonomy term names before output, which decodes HTML entities...
WordPress Same Category Posts plugin <= 1.1.19 - Authenticated (Author+) Stored Cross-Site Scripting via Widget Title Placeholder vulnerability
Authenticated Author+ Stored Cross-Site Scripting via Widget Title Placeholder vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Same Category Posts versions = 1.1.19...
WordPress plugin "Same Category Posts" – Cross-site scripting vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
PT-2026-4570
The Same Category Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget title placeholder functionality in all versions up to, and including, 1.1.19. This is due to the use of htmlspecialchars decode on taxonomy term names before output, which decodes HTML entitie...