28 matches found
CVE-2026-53987
The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update right...
CVE-2026-53987
The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update right...
CVE-2026-53987 GLPI 11 < 2.14.4 Tag Plugin Stored Cross-Site Scripting in Kanban Badge Rendering
The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update right...
CVE-2026-53987
GLPI 11 before 2.14.4 is affected by a stored XSS in the Tag plugin's Kanban badge rendering. The Tag plugin stores tag names without HTML sanitization and injects them into Kanban badges via PluginTagTag::preKanbanContent(), without escaping output. An authenticated user with TAG MANAGEMENT crea...
EUVD-2026-33899
The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the addOptionsPageFields function. This makes it possible for unauthenticated attackers to update the plugin's...
CVE-2026-9722
The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the addOptionsPageFields function. This makes it possible for unauthenticated attackers to update the plugin's...
WordPress Pinterest Site Verification plugin using Meta Tag plugin <= 1.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'post_var' vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting via 'postvar' vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Pinterest Site Verification plugin using Meta Tag versions = 1.8...
CVE-2025-62983 WordPress Posts By Tag plugin <= 3.2.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sudar Muthu Posts By Tag posts-by-tag allows Stored XSS.This issue affects Posts By Tag: from n/a through = 3.2.1...
EUVD-2023-27958
Malicious code in bioql PyPI...
CVE-2023-23875
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Himanshu Bing Site Verification plugin using Meta Tag plugin = 1.0 versions...
WordPress BuddyForms Plugin <= 2.8.12 is vulnerable to Cross Site Scripting (XSS)
Software BuddyForms Type Plugin Vulnerable versions = 2.8.12 Fixed in 2.8.13 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47377 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9418faef5fbf Credits SOPROBRO Required privilege Editor...
CVE-2023-5567
The QR Code Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'qrcodetag' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2023-5567
The QR Code Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'qrcodetag' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
PT-2023-32182 · WordPress · Qr Code Tag
Name of the Vulnerable Software and Affected Versions: QR Code Tag plugin for WordPress versions up to, and including, 1.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the 'qrcodetag' shortcode, allowing authenticated...
WordPress Plugin QR Code Tag Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
CVE-2023-23875
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Himanshu Bing Site Verification plugin using Meta Tag plugin = 1.0 versions...
CVE-2023-23875
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Himanshu Bing Site Verification plugin using Meta Tag plugin = 1.0 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Himanshu Bing Site Verification plugin using Meta Tag plugin = 1.0 versions...
CVE-2023-23875 WordPress Bing Site Verification plugin using Meta Tag Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Himanshu Bing Site Verification plugin using Meta Tag plugin = 1.0 versions...
CVE-2023-23875
CVE-2023-23875 describes an authentication-required Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin combination “Bing Site Verification plugin using Meta Tag” (v