13 matches found
CVE-2026-8841
The Extra Settings for RocketChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rocketchat' shortcode's 'title' attribute in versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping in the rxstgshortcode function, which...
CVE-2025-13676
The JustClick registration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on the PHPSELF server variable. This makes it possible for unauthenticated attackers to...
CVE-2025-10163
Summary: WordPress plugin List category posts (versions
PT-2025-49347
The Yet Another WebClap for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' parameter of the webclap button shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-60181
Server-Side Request Forgery SSRF vulnerability in silence Silencesoft RSS Reader external-rss-reader allows Server Side Request Forgery.This issue affects Silencesoft RSS Reader: from n/a through = 0.6...
WordPress Author: Munzir plugin <= 0.9 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Author: Munzir versions = 0.9...
CVE-2025-43832
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in andreyk Remote Images Grabber remote-images-grabber allows Reflected XSS.This issue affects Remote Images Grabber: from n/a through = 0.6...
CVE-2025-27337
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kontur Fontsampler fontsampler allows Reflected XSS.This issue affects Fontsampler: from n/a through = 0.4.14...
CVE-2025-31558
TailPress (TailPress – Tailwind for WordPress) vulnerability CVE-2025-31558 affects TailPress versions up to and including 0.4.4. The issue is described as an Insertion of Sensitive Information into Externally-Accessible File or Directory, enabling retrieval of embedded sensitive data. The availa...
WordPress DigiPass plugin <= 0.3.0 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin DigiPass versions = 0.3.0...
WordPress Menu Icons by ThemeIsle plugin <= 0.13.13 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload vulnerability
Authenticated Author+ Stored Cross-Site Scripting via SVG Upload vulnerability discovered by wesley wcraft in WordPress Plugin Menu Icons by ThemeIsle versions = 0.13.13...
CVE-2021-34649
The Simple Behance Portfolio WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the dark parameter in the /titan-framework/iframe-font-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.2...
ALPINE-CVE-2017-7506
spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak...