CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Mpl-Publisher: >> Mpl-Publisher Security Vulnerabilities

CVE-2025-46226

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ferranfg MPL-Publisher mpl-publisher allows Stored XSS.This issue affects MPL-Publisher: from n/a through <= 2.18.0.

CVSS Score

5.4

EPSS Score

0.001

Published

2025-04-22

CVE-2021-39343

The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/libs/PublisherController.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.30.2. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

CVSS Score

5.5

EPSS Score

0.008

Published

2021-10-19

Page 1

Vulnerabilities

Vulnerable Software

Mpl-Publisher: >> Mpl-Publisher Security Vulnerabilities

Products

Pricing

Contact Us