VYPR

Kia Subtitle

by WordPress

CVEs (2)

  • CVE-2026-7509MedMay 22, 2026
    risk 0.42cvss 6.4epss 0.00

    The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `the-subtitle` shortcode `before` and `after` attributes in all versions up to, and including, 4.0.1. This is due to insufficient input sanitization and output escaping on user…

  • CVE-2022-1393MedMay 16, 2022
    risk 0.35cvss 5.4epss 0.01

    The WP Subtitle WordPress plugin before 3.4.1 adds a subtitle field and provides a shortcode to display it via [wp_subtitle]. The subtitle is stored as a custom post meta with the key: "wps_subtitle", which is sanitized upon post save/update, however is not sanitized when…