5 matches found
CVE-2026-4665
The CVE-2026-4665 entry concerns the WP Carousel Free plugin for WordPress (versions up to 2.7.10). Concrete details from connected documents describe a Stored Cross-Site Scripting flaw in the handling of fancybox data-caption attributes. The root cause is the fancybox-config.js logic reading the...
WordPress plugin Embed Any Document 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Embed Any Document plugin <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Embed Any Document versions = 2.7.10...
CVE-2024-41613
A Cross Site Scripting XSS vulnerability in Symphony CMS 2.7.10 allows remote attackers to inject arbitrary web script or HTML by editing note...
PT-2023-31100 · Unknown · Fabio Marzocca List All Posts By Authors
Name of the Vulnerable Software and Affected Versions: Fabio Marzocca List all posts by Authors, nested Categories and Titles versions 2.7.10 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allo...