41 matches found
CVE-2025-66076
Unauthenticated Broken Access Control in Woostify Sites Library = 1.6.2 versions...
CVE-2025-66076
The CVE concerns WordPress Woostify Sites Library plugin (versions ≤ 1.6.2) with an Unauthenticated Broken Access Control vulnerability. The connected documents confirm the affected product and issue type but do not provide a remediation version or explicit exploit details. No further technical s...
CVE-2025-66076 WordPress Woostify Sites Library plugin <= 1.6.2 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Woostify Sites Library = 1.6.2 versions...
PT-2026-54960
Unauthenticated Broken Access Control in Woostify Sites Library = 1.6.2 versions...
WordPress Woostify Sites Library plugin <= 1.6.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Woostify Sites Library versions = 1.6.2...
CVE-2026-4805
The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...
CVE-2026-4805
The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...
CVE-2026-4805 Woostify <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lity.js Library via data-lity Attribute in Custom HTML Block
The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...
CVE-2026-4805 Woostify <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lity.js Library via data-lity Attribute in Custom HTML Block
The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...
CVE-2026-4805
CVE-2026-4805 affects the WordPress Woostify theme (versions
EUVD-2026-26005
The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...
CVE-2026-4805
The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...
CVE-2026-4805 Woostify <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lity.js Library via data-lity Attribute in Custom HTML Block
The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...
WordPress plugin Woostify 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-35679
The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...
WordPress Woostify theme <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Theme Woostify versions = 2.5.0...
EUVD-2025-31301
Malicious code in bioql PyPI...
CVE-2025-60101
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in duongancol Woostify woostify allows Stored XSS.This issue affects Woostify: from n/a through = 2.4.2...
WordPress Woostify Theme <= 2.4.2 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by savphill in WordPress Theme Woostify versions = 2.4.2...
CVE-2025-60101
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in duongancol Woostify woostify allows Stored XSS.This issue affects Woostify: from n/a through = 2.4.2...