CVE-2025-14110

CVE-2025-14110 — WP Js List Pages Shortcodes (WordPress) A stored XSS vulnerability exists in the WP Js List Pages Shortcodes plugin via the class shortcode attribute. Affected versions are up to and including 1.21. Exploitation requires authenticated access at Contributor level or higher. Succes...

CVE-2022-1567

The WP-JS plugin for WordPress contains a script called wp-js.php with the function wpjsadmin, that accepts unvalidated user input and echoes it back to the user. This can be used for reflected Cross-Site Scripting in versions up to, and including, 2.0.6...

Malicious Package

Overview sgt-wp-js-log is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

CVE-2022-1567

The WP-JS plugin for WordPress contains a script called wp-js.php with the function wpjsadmin, that accepts unvalidated user input and echoes it back to the user. This can be used for reflected Cross-Site Scripting in versions up to, and including, 2.0.6...

Cross site scripting

The WP-JS plugin for WordPress contains a script called wp-js.php with the function wpjsadmin, that accepts unvalidated user input and echoes it back to the user. This can be used for reflected Cross-Site Scripting in versions up to, and including, 2.0.6...

CVE-2022-1567 WP JS <= 2.0.6 - Reflected Cross-Site Scripting

The WP-JS plugin for WordPress contains a script called wp-js.php with the function wpjsadmin, that accepts unvalidated user input and echoes it back to the user. This can be used for reflected Cross-Site Scripting in versions up to, and including, 2.0.6...

CVE-2022-1567 WP JS <= 2.0.6 - Reflected Cross-Site Scripting

The WP-JS plugin for WordPress contains a script called wp-js.php with the function wpjsadmin, that accepts unvalidated user input and echoes it back to the user. This can be used for reflected Cross-Site Scripting in versions up to, and including, 2.0.6...

CVE-2022-1567

The CVE-2022-1567 entry concerns the WP-JS WordPress plugin. The wp-js.php script contains the wp_js_admin function which accepts unvalidated user input and echoes it back, enabling reflected Cross-Site Scripting in plugin versions up to and including 2.0.6. The affected component is the wp-js.ph...

WordPress plugin WP-JS 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2022-13966

Name of the Vulnerable Software and Affected Versions WP-JS plugin for WordPress versions up to and including 2.0.6 Description The issue concerns the wp-js.php script in the WP-JS plugin, specifically the wp js admin function, which accepts unvalidated user input and echoes it back to the user...