9 matches found
WordPress Twentig plugin <= 1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'featuredImageSizeWidth' vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'featuredImageSizeWidth' vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Twentig Supercharged Block Editor versions = 1.9.7...
CVE-2026-2602
The Twentig plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'featuredImageSizeWidth' parameter in versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
EUVD-2026-16965
The Twentig plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'featuredImageSizeWidth' parameter in versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2026-2602
The Twentig plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'featuredImageSizeWidth' parameter in versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2026-2602
The CVE-2026-2602 entry concerns the Twentig WordPress plugin. A stored XSS flaw exists in the featuredImageSizeWidth parameter for versions up to 1.9.7 due to insufficient input sanitization and output escaping. Authenticated users with Contributor-level access or higher can inject arbitrary scr...
CVE-2026-2602 Twentig <= 1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'featuredImageSizeWidth'
The Twentig plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'featuredImageSizeWidth' parameter in versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2026-2602
The Twentig plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'featuredImageSizeWidth' parameter in versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
PT-2026-28345
Name of the Vulnerable Software and Affected Versions Twentig plugin for WordPress versions up to and including 1.9.7 Description The Twentig plugin for WordPress is susceptible to Stored Cross-Site Scripting through the featuredImageSizeWidth parameter. Insufficient input sanitization and output...
WordPress plugin Twentig 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...