3 matches found
CVE-2025-14797
The Same Category Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget title placeholder functionality in all versions up to, and including, 1.1.19. This is due to the use of htmlspecialcharsdecode on taxonomy term names before output, which decodes HTML entities...
CVE-2025-14797 Same Category Posts <= 1.1.19 - Authenticated (Author+) Stored Cross-Site Scripting via Widget Title Placeholder
The Same Category Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget title placeholder functionality in all versions up to, and including, 1.1.19. This is due to the use of htmlspecialcharsdecode on taxonomy term names before output, which decodes HTML entities...
CVE-2025-14797
CVE-2025-14797 is a Stored Cross-Site Scripting (Stored XSS) vulnerability in the WordPress plugin “Same Category Posts” (