11 matches found
CVE-2025-67541
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Lester Chan WP-ShowHide wp-showhide allows Stored XSS.This issue affects WP-ShowHide: from n/a through = 1.05...
CVE-2025-67541
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Lester Chan WP-ShowHide wp-showhide allows Stored XSS.This issue affects WP-ShowHide: from n/a through = 1.05...
CVE-2025-67541 WordPress WP-ShowHide plugin <= 1.05 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Lester Chan WP-ShowHide wp-showhide allows Stored XSS.This issue affects WP-ShowHide: from n/a through = 1.05...
CVE-2025-67541 WordPress WP-ShowHide plugin <= 1.05 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Lester Chan WP-ShowHide wp-showhide allows Stored XSS.This issue affects WP-ShowHide: from n/a through = 1.05...
CVE-2022-4825
The WP-ShowHide WordPress plugin before 1.05 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...
CVE-2022-4825
The WP-ShowHide WordPress plugin before 1.05 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...
CVE-2022-4825 WP-ShowHide < 1.05 - Contributor+ Stored XSS via Shortcode
The WP-ShowHide WordPress plugin before 1.05 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...
CVE-2022-4825
The CVE-2022-4825 entry concerns the WP-ShowHide WordPress plugin, affected versions are those before 1.05. The root cause is inadequate validation/escaping of shortcode attributes, allowing Stored XSS from inputs rendered on pages. Impact noted: attackers with low privileges (Contributor) could ...
WP-ShowHide < 1.05 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...
WP-ShowHide < 1.05 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...
WordPress WP-ShowHide Plugin < 1.05 is vulnerable to Cross Site Scripting (XSS)
Software WP-ShowHide Type Plugin Vulnerable versions 1.05 Fixed in 1.05 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4825 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 5336dccd451c Credits Lana Codes Required...