90 matches found
CVE-2026-6246 Simple Random Posts Shortcode <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'container_right_width' Shortcode Attribute
The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'containerrightwidth' attribute of the 'simplerandomposts' shortcode in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping on user supplied...
CVE-2026-3617
The Paypal Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'amount' and 'name' shortcode attributes in all versions up to, and including, 0.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The...
CVE-2026-3617 Paypal Shortcodes <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'amount' and 'name' Shortcode Attributes
The Paypal Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'amount' and 'name' shortcode attributes in all versions up to, and including, 0.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The...
CVE-2026-3617 Paypal Shortcodes <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'amount' and 'name' Shortcode Attributes
The Paypal Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'amount' and 'name' shortcode attributes in all versions up to, and including, 0.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The...
CVE-2026-3003 Vagaro Booking Widget <= 0.3 - Unauthenticated Stored Cross-Site Scripting via 'vagaro_code'
The Vagaro Booking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘vagarocode’ parameter in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
WordPress plugin Paypal Shortcode 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-1754
The personal-authors-category plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
PT-2026-8050
The personal-authors-category plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-30547 WordPress Header Image Slider plugin <= 0.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Shazdeh Header Image Slider header-image-slider allows DOM-Based XSS.This issue affects Header Image Slider: from n/a through 0.3...
CVE-2024-30547 WordPress Header Image Slider plugin <= 0.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Shazdeh Header Image Slider header-image-slider allows DOM-Based XSS.This issue affects Header Image Slider: from n/a through 0.3...
PT-2026-1492
Name of the Vulnerable Software and Affected Versions Shazdeh Header Image Slider versions through 0.3 Description The Shazdeh Header Image Slider software contains a flaw related to improper input handling during web page generation, leading to a DOM-Based Cross-site Scripting XSS condition. Thi...
WordPress plugin Header Image Slider 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-67485
CVE-2025-67485 affects mad-proxy, a Python-based HTTP/HTTPS proxy. Versions ≤ 0.3 allow attackers to bypass traffic interception rules, potentially exposing sensitive traffic. The issue is reported with no fix at the time of publication. No exploitation details are provided in the sources beyond ...
mad-proxy 安全漏洞
mad-proxy is a web analytics tool from the personal developer Rajeev Sharma. A security vulnerability exists in mad-proxy version 0.3 and earlier, which stems from a vulnerability that allows an attacker to bypass HTTP/HTTPS traffic interception rules, potentially leading to the exposure of...
WordPress Top Friends plugin <= 0.3 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Ivan Cese in WordPress Plugin Top Friends versions = 0.3...
PT-2025-45198
Cross-Site Request Forgery CSRF vulnerability in Norbert Slick Google Map slick-google-map allows Stored XSS.This issue affects Slick Google Map: from n/a through = 0.3...
WordPress Folderly plugin <= 0.3 - Incorrect Authorization to Authenticated (Author+) Term Deletion vulnerability
Incorrect Authorization to Authenticated Author+ Term Deletion vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Folderly versions = 0.3...
CVE-2025-12038 Folderly <= 0.3 - Incorrect Authorization to Authenticated (Author+) Term Deletion
The Folderly plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the /wp-json/folderly/v1/config/clear-all-data REST API endpoint in all versions up to, and including, 0.3. This makes it possible for authenticated attackers, with...
PT-2025-44711
Name of the Vulnerable Software and Affected Versions Folderly plugin for WordPress versions through 0.3 Description The Folderly plugin for WordPress has a flaw that allows unauthorized data modification. This is due to an inadequate capability check on the...
EUVD-2006-4098
Malware in sbrugna...