Vulnerabilities > MPL Publisher > MPL Publisher > 1.24.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-22 | CVE-2025-46226 | Cross-site Scripting vulnerability in Mpl-Publisher Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ferranfg MPL-Publisher allows Stored XSS. | 5.4 |
| 2021-10-19 | CVE-2021-39343 | Cross-site Scripting vulnerability in Mpl-Publisher The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/libs/PublisherController.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.30.2. | 4.8 |