CVE-2026-7509

The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's the-subtitle shortcode before and after attributes in all versions up to, and including, 4.0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...

CVE-2026-7509

The CVE-2026-7509 affects the WordPress KIA Subtitle plugin (

EUVD-2026-31406

The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's the-subtitle shortcode before and after attributes in all versions up to, and including, 4.0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...

PT-2026-42728

The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's the-subtitle shortcode before and after attributes in all versions up to, and including, 4.0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...

WordPress KIA Subtitle plugin <= 4.0.1 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability discovered by zaim in WordPress Plugin KIA Subtitle versions = 4.0.1...

CVE-2025-57986

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in husani WP Subtitle wp-subtitle allows Stored XSS.This issue affects WP Subtitle: from n/a through = 3.4.1...

CVE-2025-57986 WordPress WP Subtitle Plugin <= 3.4.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in husani WP Subtitle allows Stored XSS. This issue affects WP Subtitle: from n/a through 3.4.1...

MAL-2025-18737 Malicious code in dragand-subtitle-plugin (npm)

The package dragand-subtitle-plugin was found to contain malicious code...

Malicious code in dragand-subtitle-plugin (npm)

The package dragand-subtitle-plugin was found to contain malicious code...

CVE-2021-24897

The Add Subtitle WordPress plugin through 1.1.0 does not sanitise or escape the sub-title field available only with classic editor when output in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...

CVE-2022-1393

The WP Subtitle WordPress plugin before 3.4.1 adds a subtitle field and provides a shortcode to display it via wpsubtitle. The subtitle is stored as a custom post meta with the key: "wpssubtitle", which is sanitized upon post save/update, however is not sanitized when updating it directly from th...

WordPress plugin WP Subtitle 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. A cross-site scripting vulnerability exists in versions of WordPress prior to WP Subtitles plugin...

CVE-2021-24897

The Add Subtitle WordPress plugin through 1.1.0 does not sanitise or escape the sub-title field available only with classic editor when output in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...