WordPress Magical Posts Display plugin <= 1.2.54 - Authenticated (Author+) Stored Cross-Site Scripting via Magical Posts Accordion Widget vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Magical Posts Accordion Widget vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Magical Posts Display versions = 1.2.54...

WordPress plugin Booking Calendar Contact Form 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...

PT-2025-5537 · Codepeople · Codepeople Booking Calendar Contact Form

Name of the Vulnerable Software and Affected Versions: CodePeople Booking Calendar Contact Form versions 1.2.55 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means tha...

PT-2024-37329 · 10Web · Sliderby10Web Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: The Slider by 10Web WordPress plugin version 1.2.55 and earlier Description: The issue concerns the Slider by 10Web WordPress plugin, which does not properly sanitise and escape some of its Slide options. This could allow authenticated users...