Zephyrwest

Category Posts Widget

3 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2025-1453

Exploit
  • EPSS 0.03%
  • Veröffentlicht 24.04.2025 06:00:02
  • Zuletzt bearbeitet 07.05.2025 19:11:47

The Category Posts Widget WordPress plugin before 4.9.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i...

4.8

CVE-2024-9638

Exploit
  • EPSS 0.02%
  • Veröffentlicht 07.01.2025 06:15:18
  • Zuletzt bearbeitet 14.05.2025 16:09:26

The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i...

4.8

CVE-2024-6158

Exploit
  • EPSS 0.14%
  • Veröffentlicht 12.08.2024 13:38:38
  • Zuletzt bearbeitet 27.05.2025 21:07:52

The Category Posts Widget WordPress plugin before 4.9.17, term-and-category-based-posts-widget WordPress plugin before 4.9.13 does not validate and escape some of its "Category Posts" widget settings before outputting them back in a page/post where t...