4 matches found
CVE-2025-58239
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chandrika Sista WP Category Dropdown wp-category-dropdown allows Stored XSS.This issue affects WP Category Dropdown: from n/a through = 1.9...
PT-2025-38904
Name of the Vulnerable Software and Affected Versions Chandrika Sista WP Category Dropdown versions through 1.9 Description The software contains a flaw related to improper input handling during web page creation, specifically a Stored Cross-Site Scripting issue. This allows for the injection of...
CVE-2024-8103 WP Category Dropdown <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter
The WP Category Dropdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' parameter in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2024-8103 WP Category Dropdown <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter
The WP Category Dropdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' parameter in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...