CVE-2025-13887

The AI BotKit – AI Chatbot & Live Support for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in the aibotkitwidget shortcode in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it...

PT-2026-1611

Name of the Vulnerable Software and Affected Versions AI BotKit – AI Chatbot & Live Support for WordPress plugin versions through 1.1.7 Description The AI BotKit – AI Chatbot & Live Support for WordPress plugin is susceptible to Stored Cross-Site Scripting. This occurs due to inadequate input...

Linux Distros Unpatched Vulnerability : CVE-2020-13628

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to...

PT-2019-7395 · WordPress · Dynamic Widgets

Name of the Vulnerable Software and Affected Versions: dynamic-widgets plugin versions prior to 1.5.11 Description: The issue concerns a cross-site scripting XSS problem. It can be exploited via the "action=term tree" prefix or the widget id parameter in the "/wp-admin/admin-ajax.php" API endpoin...