CVE-2025-12965

The Magical Posts Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpactitletag' parameter in the Magical Posts Accordion widget in all versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping on user-supplied HTML tag name...

CVE-2025-12965 Magical Posts Display <= 1.2.54 - Authenticated (Author+) Stored Cross-Site Scripting via Magical Posts Accordion Widget

The Magical Posts Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpactitletag' parameter in the Magical Posts Accordion widget in all versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping on user-supplied HTML tag name...

WordPress Magical Posts Display plugin <= 1.2.54 - Authenticated (Author+) Stored Cross-Site Scripting via Magical Posts Accordion Widget vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Magical Posts Accordion Widget vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Magical Posts Display versions = 1.2.54...

WordPress OOPSpam Anti-Spam plugin <= 1.2.53 - Unauthenticated IP Header Spoofing vulnerability

Unauthenticated IP Header Spoofing vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin OOPSpam Anti-Spam versions = 1.2.53...

CVE-2024-29759

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodePeople Calculated Fields Form allows Reflected XSS.This issue affects Calculated Fields Form: from n/a through 1.2.54...

CVE-2024-32578

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 10Web Slider by 10Web allows Reflected XSS.This issue affects Slider by 10Web: from n/a through 1.2.54...

CVE-2024-32578

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 10Web Slider by 10Web allows Reflected XSS.This issue affects Slider by 10Web: from n/a through 1.2.54...

PT-2024-24699 · 10Web · 10Web Slider

Name of the Vulnerable Software and Affected Versions: 10Web Slider by 10Web versions 1.2.54 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS. Recommendations: For versio...

WordPress Plugin Slider by 10Web 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Slider by 10Web Plugin <= 1.2.54 is vulnerable to Cross Site Scripting (XSS)

Software Slider by 10Web Type Plugin Vulnerable versions = 1.2.54 Fixed in 1.2.55 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32578 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3808548b6dad Credits Dimas Maulana Required privile...

CVE-2024-29759

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodePeople Calculated Fields Form allows Reflected XSS.This issue affects Calculated Fields Form: from n/a through 1.2.54...