14 matches found
CVE-2026-1834
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ive' shortcode in all versions up to, and including, 1.2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
WordPress plugin Ibtana – WordPress Website Builder security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2024-8282 Ibtana – WordPress Website Builder <= 1.2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:ive/ive-productscarousel' Gutenberg block in all versions up to, and including, 1.2.4.4 due to insufficient input sanitization and output escaping. Thi...
CVE-2024-8282 Ibtana – WordPress Website Builder <= 1.2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:ive/ive-productscarousel' Gutenberg block in all versions up to, and including, 1.2.4.4 due to insufficient input sanitization and output escaping. Thi...
CVE-2024-5541
CVE-2024-5541 affects the Ibtana – WordPress Website Builder plugin for WordPress (all versions up to 1.2.3.3). Root cause: missing capability check in ibtana_visual_editor_register_ajax_json_endpont, enabling unauthenticated attackers to modify option values (including reCAPTCHA keys). Impact: p...
WordPress Plugin Migrate WordPress Website & Backups Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...
WordPress Website Optimization – Plerdy Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)
Software: Website Optimization – Plerdy; Type: Plugin; Vulnerable versions: <= 1.3.2; Fixed in: 1.3.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5715; Patch priority: Low; CVSS severity: Low (5.9); PSID: 9f6ba7d73b3a; Credits: Huynh Tien...
WordPress WP Prayer plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WP Prayer is an application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress...
Critical WordPress Plugin Flaw Allows Site Takeover
Researchers are urging WordPress websites that utilize the NextGen Gallery plugin to apply a patch addressing critical and high-severity flaws. The NextGen Gallery plugin, which is installed on 800,000 WordPress websites, allows sites to upload photos in batch quantities, import metadata and edit...
LearnDash < 3.1.2 - Reflected Cross Site Scripting (XSS) issue on the [ld_profile] search field.
Reflected Cross Site Scripting (XSS) issue on the [ld_profile] search field. First reported to LearnDash on January 14, 2020, and update 3.1.2 to fix it was released the same day. This report is based on an email LearnDash sent out to their users on January 14, 2020. From the Original Researcher Jinson...
7 Tips to Increase Your WordPress Security
By Uzair Amir. Do you have a WordPress website? Here are some quick and easy tips to increase your WordPress security and keep your site safe. This is a post from HackRead.com. Read the original post: 7 Tips to Increase Your WordPress Security...
makeuseof.com Improper Access Control vulnerability
Open Bug Bounty ID: OBB-628586. Affected Website: makeuseof.com; Vulnerable Application: WordPress; Vulnerability Type: IAC Improper Access Control / CWE-284; CVSSv3 Score: 6.5...
MailPoet Newsletters for WordPress Arbitrary File Upload
The MailPoet Newsletters plugin for WordPress installed on the remote web server is affected by a file upload vulnerability due to a failure to properly authenticate users. An unauthenticated, remote attacker can exploit this issue to upload files with arbitrary code and then execute them on the...
WordPress Website FAQ Plugin v1.0 SQL Injection
Exploit for php platform in category web applications. Exploit Title: WordPress Website FAQ Plugin v1.0 SQL Injection; Date: 6/25/12; Exploit Author: Chris Kellum; Vendor Homepage: http://wordpress.org/extend/plugins/website-faq/; Software Link: http://downloads.wordpress.org/plugin/website-faq.zip...