WordPress Core < 6.5.5 - Contributor+ Stored Cross-Site Scripting via HTML API

Contributor+ Stored Cross-Site Scripting via HTML API vulnerability discovered by WordPress Security Team in WordPress core versions 6.5.5...

Untrusted code may be run from an overridden address validator

This is a security release. SECURITY Fixes CVE-2021-34551, a complex RCE affecting Windows hosts. See SECURITY.md for details. The fix for this issue changes the way that language files are loaded. While they remain in the same PHP-like format, they are processed as plain text, and any code in th...

WordPress Mass Pages/Posts Creator plugin <= 1.2.2 - Stored Cross-Site scripting (XSS) vulnerability

Stored Cross-Site scripting XSS vulnerability found by ThreatPress Research Team in WordPress Mass Pages/Posts Creator plugin versions = 1.2.2. Solution 3 June 2018 - plugin still closed by WordPress Security team, no patched version available...

WordPress WooCommerce Enhanced Ecommerce Analytics Integration with Conversion Tracking plugin <= 1.8 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability found by ThreatPress Research Team in WordPress WooCommerce Enhanced Ecommerce Analytics Integration with Conversion Tracking plugin versions = 1.8. Solution 3 June 2018 - plugin still closed by WordPress Security team, no patched version available...

FreeBSD : wordpress -- 2 XSS vulnerabilities (d86890da-f498-11e4-99aa-bcaec565249c)

Samuel Sidler reports : The Genericons icon font package, which is used in a number of popular themes and plugins, contained an HTML file vulnerable to a cross-site scripting attack. All affected themes and plugins hosted on WordPress.org including the Twenty Fifteen default theme have been updat...