145 matches found
CVE-2026-9629
The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...
CVE-2026-9629 Canvas <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' Block Attribute
The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...
CVE-2026-9629 Canvas <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' Block Attribute
The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...
CVE-2026-9629
The Canvas plugin for WordPress (Canvas) contains a Stored Cross-Site Scripting vulnerability via the 'tag' parameter in all versions up to 2.5.2 due to insufficient input sanitization and output escaping. An authenticated attacker with contributor-level access or higher can inject scripts that e...
EUVD-2026-36648
The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...
PT-2026-49087
Name of the Vulnerable Software and Affected Versions Canvas plugin for WordPress versions prior to 2.5.3 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access or higher can inject arbitrary...
CVE-2026-6504
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titletag' parameter in all versions up to, and including, 1.7.1058 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
EUVD-2026-30261
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titletag' parameter in all versions up to, and including, 1.7.1058 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
CVE-2026-6504 Royal Addons for Elementor <= 1.7.1058 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag' Parameter
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titletag' parameter in all versions up to, and including, 1.7.1058 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
CVE-2026-6504
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titletag' parameter in all versions up to, and including, 1.7.1058 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
EUVD-2019-20117
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the languagetag parameter. Attackers can submit malicious SQL statements in the languagetag parameter to extract sensitive database information or modify...
CVE-2019-25696 Kados R10 GreenBee SQL Injection via language_tag Parameter
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the languagetag parameter. Attackers can submit malicious SQL statements in the languagetag parameter to extract sensitive database information or modify...
CVE-2019-25696
CVE-2019-25696 – Kados R10 GreenBee SQL injection : The affected product is Kados R10 GreenBee. The vulnerability arises from a flaw in the language_tag parameter that allows attackers to inject SQL and manipulate database queries. Potential impacts are high confidentiality and high integrity com...
PT-2026-30500
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the language tag parameter. Attackers can submit malicious SQL statements in the language tag parameter to extract sensitive database information or modify...
CVE-2026-33991
WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file html/socio/sistema/deletartag.php uses extract$REQUEST on line 14 and directly concatenates the $idtag variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches t...
WeGIA SQL注入漏洞
WeGIA is a network manager for the welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.7 contained an SQL injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter idtag in the file html/socio/sistema/deletartag.php, which could lead...
CVE-2026-1397
The PQ Addons – Creative Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on the htmltag parameter in the PQ Section Title widget. This...
CVE-2026-1397
The PQ Addons – Creative Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on the htmltag parameter in the PQ Section Title widget. This...
PT-2026-26810
The PQ Addons – Creative Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on the html tag parameter in the PQ Section Title widget. This...
Cross-site Scripting (XSS)
Overview changedetection.io is a Website change detection and monitoring service Affected versions of this package are vulnerable to Cross-site Scripting XSS via the taguuid parameter in the /rss/tag/ endpoint, which is reflected in the HTTP response without proper escaping. An attacker can execu...