3 matches found
PT-2026-48752
Unauthenticated Cross Site Scripting XSS in Product Filter Widget for Elementor = 1.0.6 versions...
PT-2026-46333
Unauthenticated Local File Inclusion in Iona = 1.0.8 versions...
CVE-2025-5092 Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library
Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library = 2.8.3 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...