Filtered by vendor Mpl-publisher
Subscriptions
Filtered by product Mpl-publisher
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46226 | 1 Mpl-publisher | 1 Mpl-publisher | 2025-05-07 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ferranfg MPL-Publisher allows Stored XSS. This issue affects MPL-Publisher: from n/a through 2.18.0. | ||||
| CVE-2021-39343 | 1 Mpl-publisher | 1 Mpl-publisher | 2025-04-25 | 5.5 Medium |
| The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/libs/PublisherController.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.30.2. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | ||||
Page 1 of 1.