Vulnerability history

Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via 'email' vulnerability

Admin+ Stored XSS vulnerability

Authenticated (Author+) Insecure Direct Object Reference vulnerability

Reflected Cross-Site Scripting via login_url Parameter vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Button Link vulnerability

Admin+ Stored XSS vulnerability

Missing Authorization to Authenticated (Contributor+) Post Publication vulnerability

Authenticated (Contributor+) Private Post Disclosure in pagelayer_builder_posts_shortcode vulnerability

Cross-Site Request Forgery (CSRF) To Post Contents Modification vulnerability

Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability

Broken Access Control vulnerability

Authenticated(Contributor+) Stored Cross-Site Scripting via custom attributes vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes vulnerability

Admin+ Stored XSS vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Button vulnerability

Author+ Stored XSS vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via meta fields vulnerability

Broken Access Control vulnerability

Author+ Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability

Unprotected AJAX and Nonce Disclosure to Stored Cross-Site Scripting (XSS)