204 matches found
CVE-2025-28906 WordPress Skitter Slideshow plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thiago S.F. Skitter Slideshow wp-skitter-slideshow allows Stored XSS. This issue affects Skitter Slideshow: from n/a through <= 2.5.2...
CVE-2025-28906
CVE-2025-28906 concerns the WordPress plugin Skitter Slideshow (versions up to and including 2.5.2). The issue is a Stored XSS caused by insufficient input sanitization and output escaping. Exploitation requires authenticated administrator+ access, enabling injection of stored scripts that could ...
PT-2025-10942
Name of the Vulnerable Software and Affected Versions: Thiago S.F. Skitter Slideshow versions 2.5.2 and earlier. Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that an attacker can injec...
CVE-2025-24646
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icopydoc XML for Avito xml-for-avito allows Reflected XSS. This issue affects XML for Avito: from n/a through <= 2.5.2...
WordPress plugin XML for Avito cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
WordPress Internal Links Manager plugin <= 2.5.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Caesar Evan Santoso in WordPress Plugin Internal Links Manager versions <= 2.5.2...
PT-2025-5499 · Webraketen · Webraketen Internal Links Manager
Name of the Vulnerable Software and Affected Versions: webraketen Internal Links Manager versions 2.5.2 and earlier. Description: The issue is related to a Missing Authorization vulnerability in webraketen Internal Links Manager, which allows exploiting incorrectly configured access control securi...
WordPress plugin a Gateway for Pasargad Bank on WooCommerce cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin a Gateway for Pasargad Ban...
WordPress a Gateway for Pasargad Bank on WooCommerce Plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin a Gateway for Pasargad Bank on WooCommerce versions <= 2.5.2...
CVE-2025-22827
CVE-2025-22827 is described as a DOM-based Cross-Site Scripting vulnerability in the WP Joomag WordPress plugin, affecting WP Joomag versions from n/a up to 2.5.2. The Red Hat CVE page confirms the same ID and vulnerability context. The connected EUVD entry mentions related content but does not p...
CVE-2025-22827 WordPress WP Joomag plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in joomag WP Joomag wp-joomag allows DOM-Based XSS. This issue affects WP Joomag: from n/a through <= 2.5.2...
WordPress plugin Skyword API Plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin WP Joomag cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripti...
PT-2025-1711 · WordPress · Skyword Api Plugin
Name of the Vulnerable Software and Affected Versions: Skyword API Plugin for WordPress versions up to, and including, 2.5.2. Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'skyword iframe' shortcode due to insufficient input sanitization and output escaping on...
WordPress WP Joomag plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin WP Joomag versions <= 2.5.2...
CVE-2023-47762
Missing Authorization vulnerability in WPDeveloper BetterDocs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BetterDocs: from n/a through 2.5.2...
WordPress plugin BetterDocs security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2024-54675
app/webroot/js/workflows-editor/workflows-editor.js in MISP through 2.5.2 has stored XSS in the editor interface for an ad-hoc workflow...
WordPress plugin Fast Video and Image Display cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
GHSA-99W8-C5F6-96PP CSRF leading to delete account in wallabag/wallabag
wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily delete user accounts via the /account/delete endpoint. This issue is fixed in version 2.5.4...