2 matches found
CVE-2026-15010
The CVE-2026-15010 entry concerns the bbp Style Pack plugin for WordPress, vulnerable to Stored Cross-Site Scripting (XSS) in versions up to and including 6.4.5 via the Topic Form Additional Fields feature. Root causes are insufficient input sanitization in bsp_topic_fields_form_save(), which wri...
EUVD-2026-43165
The bbp Style Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.4.5 via the Topic Form Additional Fields feature. This is due to insufficient input sanitization in bsptopicfieldsformsave which writes $POST'bsptopicfieldslabeln' directly to...