10 matches found
CVE-2022-50683
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form redirect URL configuration. This allows malicious scripts to execute in users' browsers through unvalidated form configuration settings...
PT-2025-52305
Name of the Vulnerable Software and Affected Versions: Kentico Xperience (affected versions not specified). Description: A stored cross-site scripting issue exists in Kentico Xperience. This allows attackers to inject malicious scripts through the form redirect URL configuration. Successful exploitati...
CVE-2024-4900
The SEOPress WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious post...
WordPress plugin Logo Slider security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-7133
The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.3 does not validate and escape some of its settings before outputting them back in the page, which could allow users with a high role to perform Stored Cross-Site...
WordPress plugin Category Posts Widget security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exis...
PT-2024-37420 · WordPress · Category Posts Widget +1
Name of the Vulnerable Software and Affected Versions: Category Posts Widget WordPress plugin versions prior to 4.9.17; term-and-category-based-posts-widget WordPress plugin versions prior to 4.9.13. Description: The issue concerns the failure to validate and escape certain "Category Posts" widget...
PT-2024-24935 · WordPress · Logo Slider
Name of the Vulnerable Software and Affected Versions: The Logo Slider WordPress plugin versions prior to 4.0.0. Description: The issue concerns the lack of validation and escaping of certain Slider Settings in the plugin, which could allow users with the contributor role and above to perform Stor...
WordPress plugin cross-site scripting vulnerability
WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin Weather Effect, which stems from the Weather Effect WordPress plugin prior to 1.3.6 not properly validating and escaping some settings e.g. size leaf, flake lea...
CVE-2021-24331
The Smooth Scroll Page Up/Down Buttons WordPress plugin before 1.4 did not properly sanitise and validate its settings, such as psbdistance, psbbuttonsize, psbspeed, only validating them client side. This could allow high privilege users such as admin to set XSS payloads in them...