CVE-2025-58876

CVE-2025-58876 is a Stored XSS in the WordPress plugin “Aparat Video Shortcode”. Affected versions are up to 0.2.4 (reported as: Aparat Video Shortcode: from n/a through 0.2.4). The underlying issue is improper input neutralization during web page generation, enabling stored cross-site scripting....

PT-2024-23006 · WordPress · Aparat

Name of the Vulnerable Software and Affected Versions: Aparat for WordPress versions 2.2.0 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting XSS. This means that an attacker can inject malicio...

WordPress Aparat for WordPress Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)

Software Aparat for WordPress Type Plugin Vulnerable versions = 2.2.0 Fixed in 2.2.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29765 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4af5eaacc1b1 Credits Steven Julian Required privilege...

WordPress Aparat Plugin <= 1.7.1 is vulnerable to Cross Site Scripting (XSS)

Software Aparat Type Plugin Vulnerable versions = 1.7.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-48770 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 40a78f8014e6 Credits Rafshanzani Suhada Required privilege Contributor...