26 matches found
CVE-2025-14039
The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'simplefolioitemclientname' and 'simplefolioitemlink' meta fields in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-14039 Simple Folio <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Client name' and 'Link' Meta Fields
The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'simplefolioitemclientname' and 'simplefolioitemlink' meta fields in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-14039
The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'simplefolioitemclientname' and 'simplefolioitemlink' meta fields in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-14039 Simple Folio <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Client name' and 'Link' Meta Fields
The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'simplefolioitemclientname' and 'simplefolioitemlink' meta fields in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-14039
CVE-2025-14039 – Simple Folio (WordPress) Stored XSS : WordPress plugin Simple Folio is vulnerable to stored XSS via the meta fields _simple_folio_item_client_name and _simple_folio_item_link in all versions up to 1.1.1. Exploitation requires authenticated access at Contributor level or higher, e...
WordPress Simple Folio plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Client name' and 'Link' Meta Fields vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'Client name' and 'Link' Meta Fields vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Simple Folio versions = 1.1.1...
PT-2026-5064
The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ' simple folio item client name' and ' simple folio item link' meta fields in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress plugin Simple Folio has a cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress Simple Folio plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Skalucy in WordPress Plugin Simple Folio versions = 1.1.0...
CVE-2025-64256
Cross-Site Request Forgery CSRF vulnerability in PressTigers Simple Folio simple-folio allows Cross Site Request Forgery.This issue affects Simple Folio: from n/a through = 1.1.0...
EUVD-2025-202149
Cross-Site Request Forgery CSRF vulnerability in PressTigers Simple Folio simple-folio allows Cross Site Request Forgery.This issue affects Simple Folio: from n/a through = 1.1.0...
CVE-2025-64256
Cross-Site Request Forgery CSRF vulnerability in PressTigers Simple Folio simple-folio allows Cross Site Request Forgery.This issue affects Simple Folio: from n/a through = 1.1.0...
CVE-2025-64256
Technical details for CVE-2025-64256 are not provided in the supplied documents. No vendor/product/version, root cause, or remediation details are disclosed here; monitor for updates from official advisories.
CVE-2025-64256 WordPress Simple Folio plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in PressTigers Simple Folio simple-folio allows Cross Site Request Forgery.This issue affects Simple Folio: from n/a through = 1.1.0...
CVE-2025-64256 WordPress Simple Folio plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in PressTigers Simple Folio simple-folio allows Cross Site Request Forgery.This issue affects Simple Folio: from n/a through = 1.1.0...
PT-2025-49870
CVE-2025-64256 Cross-Site Request Forgery CSRF vulnerability in PressTigers Simple Folio simple-folio allows Cross Site Request Forgery.This issue affects Simple Folio: from n/a t… https://t.co/Cy0kFNJWOf...
WordPress plugin Simple Folio 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...
CVE-2025-12151
The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'portfolioname' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...
WordPress Simple Folio plugin <= 1.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Simple Folio versions = 1.1.0...
EUVD-2025-199799
The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'portfolioname' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...