8 matches found
CVE-2025-14048
The SimplyConvert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'simplyconverthash' option in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2025-14048
The SimplyConvert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'simplyconverthash' option in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2025-14048 SimplyConvert <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'simplyconvert_hash' Option
The SimplyConvert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'simplyconverthash' option in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2025-14048
CVE-2025-14048 affects the WordPress plugin SimplyConvert (WordPress) with a Stored Cross-Site Scripting (XSS) flaw via the simplyconvert_hash option, in all versions up to 1.0. Exploitation requires authenticated admin-level access, enabling arbitrary script injection that runs on page load. Mul...
CVE-2025-14048 SimplyConvert <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'simplyconvert_hash' Option
The SimplyConvert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'simplyconverthash' option in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
PT-2025-50848
The SimplyConvert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'simplyconvert hash' option in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-leve...
WordPress plugin SimplyConvert 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
WordPress SimplyConvert plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'simplyconvert_hash' Option vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via 'simplyconverthash' Option vulnerability discovered by Bhumividh Treloges - Siam Thanat Hack Co., Ltd. STH in WordPress Plugin SimplyConvert versions = 1.0...