CVE-2026-2505

The Categories Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.1, via the 'ztaxonomyimage' shortcode. This is due to the shortcode rendering path passing attacker-controlled class input into a fallback image builder that concatenates...

CVE-2026-2505 Categories Images <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'z_taxonomy_image' Shortcode

The Categories Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.1, via the 'ztaxonomyimage' shortcode. This is due to the shortcode rendering path passing attacker-controlled class input into a fallback image builder that concatenates...

CVE-2026-2505

The CVE-2026-2505 entry concerns the WordPress Categories Images plugin (versions

EUVD-2026-23672

The Categories Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.1, via the 'ztaxonomyimage' shortcode. This is due to the shortcode rendering path passing attacker-controlled class input into a fallback image builder that concatenates...

CVE-2026-2505 Categories Images <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'z_taxonomy_image' Shortcode

The Categories Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.1, via the 'ztaxonomyimage' shortcode. This is due to the shortcode rendering path passing attacker-controlled class input into a fallback image builder that concatenates...

CVE-2026-2505

The Categories Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.1, via the 'ztaxonomyimage' shortcode. This is due to the shortcode rendering path passing attacker-controlled class input into a fallback image builder that concatenates...

EUVD-2008-2766

Malware in sbrugna...

WordPress plugin Category and Taxonomy Image 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

WordPress Category and Taxonomy Image plugin <= 1.0.0 - Authenticated (Editor+) Stored Cross-Site Scripting vulnerability

Authenticated Editor+ Stored Cross-Site Scripting vulnerability discovered by István Márton in WordPress Plugin Category and Taxonomy Image versions = 1.0.0...

CVE-2024-9425

The Advanced Category and Custom Taxonomy Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's adtaximage shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

PT-2024-39624 · WordPress · Advanced Category/Custom Taxonomy Image

Name of the Vulnerable Software and Affected Versions: Advanced Category and Custom Taxonomy Image plugin for WordPress versions up to, and including, 1.0.9 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied...

WordPress plugin Advanced Category and Custom Taxonomy Image 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

SA-CONTRIB-2012-133 - Taxonomy Image - Cross Site Scripting (XSS) & Arbitrary PHP code execution

The taxonomyimage module allows site administrators to associate images with taxonomy terms. The module did not sufficiently filter retrieval of taxonomy images, allowing users to bypass Drupal's normal file upload protections to install malicious HTML or executable code to the server. This...

CVE-2008-2773

Cross-site scripting XSS vulnerability in the Taxonomy Image module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2008-2773

Cross-site scripting XSS vulnerability in the Taxonomy Image module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2008-2773

CVE-2008-2773 is a cross-site scripting (XSS) vulnerability in the Drupal Taxonomy Image module, affecting 5.x before 5.x-1.3 and 6.x before 6.x-1.3. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The vulnerability description does not specify ex...

CVE-2008-2773

Cross-site scripting XSS vulnerability in the Taxonomy Image module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

SA-2008-033 - Taxonomy Image - Cross site scripting

The contributed module Taxonomy Image allows the display of images associated with taxonomy terms. Several values are displayed without being escaped, which enables users to inject arbitrary HTML and script code on pages Cross Site Scripting. This may lead to administrator access. Versions affect...