JSON Content Importer < 2.0.10 — Contributor+ Stored XSS (CVE‑2025‑15363)

प्लगइन का नाम	वर्डप्रेस JSON सामग्री आयातक प्लगइन
कमजोरियों का प्रकार	क्रॉस-साइट स्क्रिप्टिंग (XSS)
CVE संख्या	CVE-2025-15363
तात्कालिकता	मध्यम
CVE प्रकाशन तिथि	2026-03-19
स्रोत URL	CVE-2025-15363

JSON Content Importer < 2.0.10 — Contributor+ Stored XSS (CVE‑2025‑15363)

प्रकाशित: 2026-03-19

हांगकांग स्थित सुरक्षा पेशेवरों के रूप में, जिनके पास वर्डप्रेस घटना प्रतिक्रिया में व्यावहारिक अनुभव है, यह पोस्ट CVE‑2025‑15363 (संग्रहीत XSS) का तकनीकी विश्लेषण प्रदान करती है जो JSON सामग्री आयातक प्लगइन के 2.0.10 से पहले के संस्करणों को प्रभावित करती है। उद्देश्य व्यावहारिक है: तंत्र, वास्तविक प्रभाव, पहचान तकनीक, रोकथाम के कदम, और जोखिम को कम करने के लिए दीर्घकालिक सख्ती के उपायों को समझाना जब आप विक्रेता पैच लागू करते हैं।.

त्वरित सारांश (tl;dr)

JSON सामग्री आयातक प्लगइन में संस्करण 2.0.10 से पहले एक संग्रहीत XSS मौजूद है।.
इस भेद्यता का दुरुपयोग योगदानकर्ता विशेषाधिकार या उच्चतर वाले खातों द्वारा किया जा सकता है।.
सफल शोषण के लिए एक विशेषाधिकार प्राप्त उपयोगकर्ता (जैसे, व्यवस्थापक में एक तैयार पोस्ट देखना) द्वारा इंटरैक्शन की आवश्यकता होती है, इसलिए सामाजिक इंजीनियरिंग आमतौर पर शामिल होती है।.
CVSS (रिपोर्ट की गई मान) 6.5 है — योगदानकर्ता भूमिकाओं और सक्रिय संपादक/व्यवस्थापक समीक्षा कार्यप्रवाहों वाले साइटों के लिए मध्यम-उच्च प्रभाव।.
2.0.10 (या बाद में) पर अपडेट करें क्योंकि यह निश्चित समाधान है। यदि आप तुरंत अपडेट नहीं कर सकते हैं, तो नीचे वर्णित अस्थायी शमन लागू करें।.

वर्डप्रेस में संग्रहीत XSS क्यों महत्वपूर्ण है

संग्रहीत XSS खतरनाक है क्योंकि दुर्भावनापूर्ण इनपुट साइट पर स्थायी होता है (पोस्ट, पोस्टमेटा, प्लगइन सेटिंग्स, टिप्पणियाँ, आदि) और बाद में एक पीड़ित के ब्राउज़र के संदर्भ में निष्पादित होता है। वर्डप्रेस में, व्यवस्थापक उपयोगकर्ता सबसे उच्च मूल्य के पीड़ित होते हैं: यदि एक हमलावर एक व्यवस्थापक के सत्र में स्क्रिप्ट निष्पादित कर सकता है, तो साइट पर कब्जा संभव है।.

सामान्य पोस्ट-शोषण परिणाम:

व्यवस्थापक सत्र की चोरी (कुकी/सत्र हाइजैकिंग) जो साइट पर कब्जा करने की ओर ले जाती है।.
JavaScript-प्रेरित क्रियाओं के माध्यम से विशेषाधिकार वृद्धि (नए व्यवस्थापक उपयोगकर्ताओं का निर्माण, AJAX के माध्यम से विकल्प बदलना)।.
स्थायी बैकडोर या वेब शेल की स्थापना।.
साइट आगंतुकों को मैलवेयर या क्रेडेंशियल-हर्वेस्टिंग फॉर्म का वितरण।.
सामग्री इंजेक्शन, SEO स्पैम, और दीर्घकालिक प्रतिष्ठा को नुकसान।.

यह विशिष्ट भेद्यता कैसे काम करती है — उच्च स्तर

एक उपयोगकर्ता जिसके पास योगदानकर्ता (या उच्चतर) क्षमता है, प्लगइन द्वारा प्रदान किए गए एक एंडपॉइंट या UI पर डेटा प्रस्तुत करता है — उदाहरण के लिए, एक आयात क्षेत्र या एक क्षेत्र जहां JSON सामग्री या मार्कअप संग्रहीत है।.
प्लगइन डेटा को बिना उचित रूप से साफ़ किए या उसे सुरक्षित किए बिना बनाए रखता है जब इसे बाद में एक प्रशासन पृष्ठ (या अन्य पृष्ठ जो विशेषाधिकार प्राप्त उपयोगकर्ताओं द्वारा देखा जाता है) के अंदर आउटपुट किया जाता है।.
एक व्यवस्थापक या संपादक डैशबोर्ड (या पूर्वावलोकन) में प्रभावित पृष्ठ खोलता है, और इंजेक्ट किया गया जावास्क्रिप्ट उनके ब्राउज़र में निष्पादित होता है।.
स्क्रिप्ट विशेषाधिकार प्राप्त क्रियाएँ करती है (कुकीज़ का उपयोग करते हुए, व्यवस्थापक AJAX क्रियाएँ कॉल करते हुए, उपयोगकर्ता बनाते हुए, टोकन निकालते हुए), अधिग्रहण या स्थायी समझौता सक्षम करती है।.

मुख्य बिंदु: शोषण के लिए एक विशेषाधिकार प्राप्त उपयोगकर्ता को संग्रहीत पेलोड देखने की आवश्यकता होती है; प्रारंभिक हमलावर को केवल योगदानकर्ता पहुंच की आवश्यकता होती है। यह उन साइटों के लिए महत्वपूर्ण है जो योगदानकर्ता सबमिशन स्वीकार करती हैं या बाहरी स्रोतों से सामग्री आयात करने की अनुमति देती हैं।.

वास्तविक शोषण परिदृश्य

स्वैच्छिक योगदानकर्ता एक समाचार साइट पर ड्राफ्ट प्रस्तुत करते हैं। एक हमलावर एक तैयार JSON पेलोड शामिल करता है जो तब निष्पादित होता है जब एक संपादक ड्राफ्ट की समीक्षा करता है।.
समझौता किया गया ठेकेदार खाता या दुर्भावनापूर्ण ठेकेदार पेलोड को प्लगइन के आयात कार्यक्षमता के माध्यम से प्रदान करता है।.
दूरस्थ JSON/RSS को ग्रहण करने वाली साइटें: एक हमलावर स्रोत को संशोधित करता है या प्लगइन को खिलाए गए पेलोड को इंजेक्ट करता है।.
सामाजिक इंजीनियरिंग: हमलावर एक संपादक से “कृपया मेरी पोस्ट की समीक्षा करें” कहता है, जिससे पेलोड के देखे जाने की संभावना बढ़ जाती है।.

तात्कालिक कार्रवाई चेकलिस्ट - अब क्या करें (0–72 घंटे)

यदि आप JSON सामग्री आयातक चला रहे हैं तो तुरंत प्लगइन को 2.0.10 (या बाद में) अपडेट करें। यह एकमात्र स्थायी समाधान है।.
यदि आप तुरंत अपडेट नहीं कर सकते:
- पैच करने तक प्लगइन को अक्षम या अनइंस्टॉल करें।.
- प्लगइन एंडपॉइंट्स तक पहुंच को प्रतिबंधित करें (नीचे अस्थायी WAF/htaccess उदाहरण देखें)।.
- प्लगइन के साथ बातचीत करने के लिए योगदानकर्ता क्षमता को अस्थायी रूप से हटा दें या योगदानकर्ता भूमिका की क्रियाओं को प्रतिबंधित करें।.
समझौते के संकेतकों (IOCs) के लिए स्कैन करें:
- पोस्ट, पोस्टमेटा और अन्य प्लगइन तालिकाओं में स्क्रिप्ट टैग के लिए खोजें।.
- फ़ाइलों की जांच करें कि क्या नई PHP फ़ाइलें जोड़ी गई हैं या हाल की संशोधन हैं।.
- बनाए गए व्यवस्थापकों या अप्रत्याशित भूमिका परिवर्तनों की तलाश करें।.
यदि आप संदिग्ध गतिविधि का पता लगाते हैं तो सभी व्यवस्थापकों और विशेषाधिकार प्राप्त खातों के लिए पासवर्ड रीसेट करने के लिए मजबूर करें।.
सुनिश्चित करें कि बैकअप उपलब्ध हैं और सुधार से पहले एक ताजा बैकअप लें।.

How to detect if you’ve been targeted / exploited

स्टोर किया गया XSS छिपा हुआ हो सकता है। स्वचालित स्कैन के साथ मैनुअल डेटाबेस क्वेरी और लॉग समीक्षा का उपयोग करें।.

डेटाबेस में स्क्रिप्ट टैग के लिए खोजें:

-- Posts containing script tags
SELECT ID, post_title, post_author, post_date
FROM wp_posts
WHERE post_content LIKE '%


Search for common JS payload patterns:

onerror=
onload=
javascript:

</ul>
<p>Example WP‑CLI command:</p>
<pre><code># Search for "<script" in post content using WP-CLI
wp db query "SELECT ID, post_title FROM wp_posts WHERE post_content LIKE '%<script%';"</code></pre>
<p>Server log review:</p>
<ul>
<li>Look for suspicious POST requests to plugin endpoints such as admin-ajax.php, plugin import endpoints, or unusual REST calls mapping to plugin routes.</li>
<li>Check for requests from unfamiliar IPs or spikes in contributor activity.</li>
</ul>
<p>Browser console evidence: administrators reporting popups, unexpected redirects, or automatic downloads may indicate JS execution.</p>
<p>File system checks:</p>
<pre><code># Find PHP files modified in last 14 days
find /var/www/html -type f -iname '*.php' -mtime -14 -ls</code></pre>
<p>User accounts:</p>
<pre><code>wp user list --role=administrator --fields=ID,user_login,user_email,user_registered
wp user list --role=subscriber --role=contributor --fields=ID,user_login,user_email,user_registered</code></pre>
<h2 id="incident-response-if-you-suspect-compromise">Incident response — if you suspect compromise</h2>
<ol>
<li>Isolate the environment: put the site into maintenance mode or temporarily take it offline; isolate credentials and processes if hosting multiple sites on the same server.</li>
<li>Take a full backup (files + DB) immediately for forensics.</li>
<li>Identify the attack vector and affected records (use the detection queries above).</li>
<li>Clean the site:
<ul>
<li>Remove malicious entries from post_content/postmeta (manually or via clean backups).</li>
<li>Remove injected files and malicious scheduled tasks.</li>
<li>Reinstall core and plugin files from known clean sources.</li>
</ul>
</li>
<li>Reset credentials:
<ul>
<li>Force password reset for all admin users.</li>
<li>Rotate API keys, webhook secrets, and tokens stored on the site.</li>
</ul>
</li>
<li>Verify integrity with malware scans and log inspection for persistence or beaconing.</li>
<li>Restore from a clean backup if necessary.</li>
<li>Review and harden: update the plugin to 2.0.10+, re‑examine user roles and remove unnecessary contributor accounts, and deploy temporary request filtering where needed.</li>
</ol>
<p>If you are unsure at any step, engage a qualified WordPress security professional; persistent backdoors can be subtle and difficult to detect.</p>
<h2 id="short-term-mitigations-and-virtual-patching-waf-rules">Short‑term mitigations and virtual patching (WAF rules)</h2>
<p>If you cannot patch immediately, virtual patching with a properly configured WAF can reduce exposure. The examples below are generic and must be adapted and tested for your environment.</p>
<ol>
<li>Block common XSS payload patterns in requests targeting plugin endpoints:
<ul>
<li>Block if request contains “<script”, “onerror=”, “onload=”, “javascript:”, “svg/onload”, “img/onerror”.</li>
</ul>
</li>
<li>Rate limit POST requests to plugin endpoints and admin AJAX.</li>
<li>Restrict REQUEST_URI patterns that match plugin import paths if those endpoints are unused.</li>
</ol>
<p>Example ModSecurity style rule (adapt to your WAF platform):</p>
<pre><code># Example pattern-based WAF rule — adapt IDs & syntax to your WAF
SecRule REQUEST_URI "@pm /wp-admin/admin.php /wp-admin/admin-ajax.php /wp-json/" \
 "phase:2,t:none,chain,log,deny,msg:'Block potential stored XSS to plugin import endpoints',id:1000001"
  SecRule REQUEST_BODY|ARGS|ARGS_NAMES|XML:/* "@rx (<script\b|onerror\s*=|onload\s*=|javascript:|alert\(|<svg\b.*onload)" \
  "t:none,log,deny,status:403"</code></pre>
<p>Important: pattern matching may produce false positives. Run in log mode initially to tune rules before enforcing deny.</p>
<p>Temporary .htaccess protection for plugin folder:</p>
<pre><code># Deny access to plugin admin endpoints unless from trusted IPs (example)
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteCond %{REQUEST_URI} ^/wp-content/plugins/json-content-importer/ [NC]
  # Allow trusted admin IP e.g. 203.0.113.5
  RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.5$
  RewriteRule ^.* - [F,L]
</IfModule></code></pre>
<p>Or deny public access to specific plugin PHP files unless strictly necessary.</p>
<h2 id="hardening-recommendations-long-term">Hardening recommendations (long term)</h2>
<ul>
<li>Keep everything updated — WordPress core, themes, and plugins.</li>
<li>Enforce least privilege: only grant Contributor or higher when required; consider manual approval for new contributors.</li>
<li>Require two‑factor authentication for elevated roles.</li>
<li>Reduce attack surface: uninstall or disable unused plugins, especially those that parse or import remote content.</li>
<li>Sanitize and escape:
<ul>
<li>Perform server‑side sanitization on input that may be output to admin pages.</li>
<li>Ensure plugin output is escaped using esc_html, esc_attr, wp_kses_post where appropriate.</li>
</ul>
</li>
<li>Implement a Content Security Policy (CSP) where compatible to limit inline script execution.</li>
<li>Prefer role‑scoped preview workflows that avoid exposing raw HTML from contributors to admins.</li>
<li>Log and monitor admin activity, file changes, and set up integrity checking (file hashes) and scheduled malware scans.</li>
<li>Harden file permissions and disable file editing by defining DISALLOW_FILE_EDIT in wp-config.php.</li>
<li>Choose plugins with active maintenance and a good security track record.</li>
</ul>
<h2 id="developer-checklist-what-to-fix-in-plugin-code">Developer checklist — what to fix in plugin code</h2>
<p>If you are auditing or maintaining code:</p>
<ul>
<li>Validate and sanitize all user‑controlled input before persisting to the database. Use wp_kses() / wp_kses_post() with a strict allowed set when HTML is expected.</li>
<li>Escape output when rendering in admin pages: esc_html(), esc_attr(), wp_kses_post(). Never echo unescaped HTML coming from untrusted users into admin pages.</li>
<li>Use nonce and capability checks on endpoints that accept input.</li>
<li>Avoid rendering raw JSON or unchecked data inside inline script blocks. If serializing data into JS, use wp_json_encode() and appropriate escaping.</li>
<li>Do not trust user roles alone — add contextual validation where appropriate.</li>
</ul>
<h2 id="useful-detection-cleanup-scripts">Useful detection & cleanup scripts</h2>
<p>Practical queries and commands you can run immediately.</p>
<pre><code>-- Search for "onerror=" and "onload=" in post content
SELECT ID, post_title, post_modified
FROM wp_posts
WHERE post_content LIKE '%onerror=%' OR post_content LIKE '%onload=%' OR post_content LIKE '%javascript:%';

-- Search for "<script" occurrences in postmeta
SELECT post_id, meta_key
FROM wp_postmeta
WHERE meta_value LIKE '%<script%';</code></pre>
<p>WP‑CLI example (use with caution and backups):</p>
<pre><code># Replace dangerous script tags with sanitized entity (backup first)
wp db query "UPDATE wp_posts SET post_content = REPLACE(post_content, '<script', '&lt;script') WHERE post_content LIKE '%<script%';"</code></pre>
<p>A safer approach is to export suspicious records and manually review before mass changes.</p>
<h2 id="why-a-waf-helps">Why a WAF helps</h2>
<p>A properly configured Web Application Firewall provides important short‑term benefits while you update vulnerable components:</p>
<ul>
<li>Virtual patching: block exploit patterns targeting plugin endpoints before the vendor update is applied.</li>
<li>Request inspection: catch and block payloads containing inline scripts, suspicious attributes, or known XSS signatures.</li>
<li>Detection: log and alert on suspicious requests, enabling faster incident response.</li>
</ul>
<p>WAFs are a layer in defense‑in‑depth and not a replacement for patching vulnerable code.</p>
<h2 id="example-waf-rule-logic-to-apply">Example WAF rule logic to apply</h2>
<ul>
<li>Deny POST requests with payloads containing common XSS constructs when targeting the plugin’s import/admin endpoints.</li>
<li>Block requests that include HTTP parameters like content= or json= with <script or onerror= patterns.</li>
<li>Run detection (log) mode first, tune rules to reduce false positives, then enable blocking.</li>
</ul>
<h2 id="practical-configuration-examples">Practical configuration examples</h2>
<ol>
<li>Limit Contributor role capabilities: remove upload_files and other unnecessary capabilities from Contributor.</li>
<li>Sanitize saves globally (temporary mu‑plugin):</li>
</ol>
<pre><code><?php
// Put in an mu-plugin to sanitize post content when saved by contributors
add_action('save_post', 'hk_sanitize_contributor_content', 10, 3);
function hk_sanitize_contributor_content($post_ID, $post, $update) {
  if (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) return;
  $user = wp_get_current_user();
  if (in_array('contributor', (array)$user->roles)) {
    $clean = wp_kses($post->post_content, wp_kses_allowed_html('post'));
    if ($clean !== $post->post_content) {
      // Prevent infinite loop: remove action, update, re-add
      remove_action('save_post', 'hk_sanitize_contributor_content', 10);
      wp_update_post(array('ID' => $post_ID, 'post_content' => $clean));
      add_action('save_post', 'hk_sanitize_contributor_content', 10, 3);
    }
  }
}
?></code></pre>
<p>This is a temporary mitigation and does not replace the official plugin patch.</p>
<h2 id="post-update-verification">Post‑update verification</h2>
<ol>
<li>Confirm the plugin update applied successfully.</li>
<li>Re‑scan the database for XSS artifacts (script tags, event handlers).</li>
<li>Inspect admin pages where plugin output is shown to confirm values are escaped.</li>
<li>Review access logs for exploitation attempts and confirm any WAF logging shows expected entries.</li>
<li>Rotate admin credentials and API keys if you found evidence of compromise.</li>
</ol>
<h2 id="frequently-asked-questions">Frequently asked questions</h2>
<h3 id="q-im-a-small-blog-with-no-contributors-am-i-at-risk">Q: I’m a small blog with no contributors — am I at risk?</h3>
<p>A: Lower risk, but not zero. If any role beyond Subscriber interacts with the plugin, or if the plugin consumes remote JSON, you may be vulnerable. Update the plugin and review your usage.</p>
<h3 id="q-if-i-uninstall-the-plugin-does-that-remove-the-stored-payload">Q: If I uninstall the plugin, does that remove the stored payload?</h3>
<p>A: Not necessarily. Uninstalling may leave data in the database (options, postmeta). You should search for and remove malicious content in the database regardless of plugin removal.</p>
<h3 id="q-does-this-affect-front-end-only-or-admin-pages-too">Q: Does this affect front end only, or admin pages too?</h3>
<p>A: Stored XSS persists and can execute in any context that renders the malicious data — including admin pages. Admin UI rendering is particularly high risk.</p>
<h2 id="best-practices-recap">Best practices recap</h2>
<ul>
<li>Update the plugin to 2.0.10 immediately.</li>
<li>If you cannot update, disable the plugin, restrict Contributor access, and deploy virtual patches.</li>
<li>Scan the database and files for injected scripts and suspicious changes.</li>
<li>Enforce least privilege and require 2FA for elevated roles.</li>
<li>Implement monitoring, integrity checks, and a layered security posture with logging and regular scans.</li>
</ul>
<h2 id="example-forensic-checklist-what-to-look-for-after-an-exploit">Example forensic checklist (what to look for after an exploit)</h2>
<ul>
<li>New or modified admin users in the last 30 days.</li>
<li>Unexpected scheduled tasks (wp_cron entries calling unknown PHP files).</li>
<li>Database entries in wp_posts/postmeta containing <script> tags or onerror/onload attributes.</li>
<li>Modified core/plugin/theme files, especially if edited outside maintenance windows.</li>
<li>Outbound connections to suspicious IPs or domains (beacons).</li>
<li>Access logs showing POSTs to plugin import endpoints with suspicious payloads.</li>
</ul>
<h2 id="final-thoughts-from-a-hong-kong-security-expert">Final thoughts from a Hong Kong security expert</h2>
<p>Stored XSS that can be inserted by low‑privileged actors is particularly dangerous in CMS environments because it leverages normal human workflows like content review. Social engineering makes exploitation low effort and high impact. Patch as the primary remediation, and simultaneously apply short‑term mitigations — virtual patching, role restrictions, server‑side sanitization, and monitoring — to reduce the risk window.</p>
<p>If you require help implementing rules, running a forensic scan, or performing incident response, engage an experienced WordPress security practitioner. Rapid, careful investigation is critical when you suspect compromise.</p>
<p>Stay vigilant, keep plugins updated, and apply least privilege across content workflows.</p>
<p><em>— Hong Kong WordPress Security Advisory</em></p>
</article>
<p></body><br />
</html></p>

		</div>
		<section class="post-tags"><ul><li><h5 class="title-tags">टैग:</h5></li><li><a href="https://wp-security.org/hi/tag/wordpress-security/" rel="tag">WordPress Security</a></li></ul></section>		<div class="pk-share-buttons-wrap pk-share-buttons-layout-default pk-share-buttons-scheme-bold-bg pk-share-buttons-has-counts pk-share-buttons-has-total-counts pk-share-buttons-after-post pk-share-buttons-mode-php pk-share-buttons-mode-rest" data-post-id="3543" data-share-url="https://wp-security.org/hi/vulnerability-database/community-alert-xss-in-json-importercve202515363/" >

							<div class="pk-share-buttons-total pk-share-buttons-total-no-count">
							<div class="pk-share-buttons-count cs-font-primary">0 Shares:</div>
						</div>
				
			<div class="pk-share-buttons-items">

										<div class="pk-share-buttons-item pk-share-buttons-facebook pk-share-buttons-no-count" data-id="facebook">

							<a href="https://www.facebook.com/sharer.php?u=https://wp-security.org/hi/vulnerability-database/community-alert-xss-in-json-importercve202515363/" class="pk-share-buttons-link" target="_blank">

																	<i class="pk-share-buttons-icon pk-icon pk-icon-facebook"></i>
								
								
																	<span class="pk-share-buttons-label pk-font-primary">साझा करें</span>
								
																	<span class="pk-share-buttons-count pk-font-secondary">0</span>
															</a>

							
							
													</div>
											<div class="pk-share-buttons-item pk-share-buttons-twitter pk-share-buttons-no-count" data-id="twitter">

							<a href="https://x.com/share?&text=%3Ctrp-post-container%20data-trp-post-id%3D%273543%27%3ECommunity%20Alert%20XSS%20in%20JSON%20Importer%28CVE202515363%29%3C%2Ftrp-post-container%3E&url=https://wp-security.org/hi/vulnerability-database/community-alert-xss-in-json-importercve202515363/" class="pk-share-buttons-link" target="_blank">

																	<i class="pk-share-buttons-icon pk-icon pk-icon-twitter"></i>
								
								
																	<span class="pk-share-buttons-label pk-font-primary">ट्वीट</span>
								
																	<span class="pk-share-buttons-count pk-font-secondary">0</span>
															</a>

							
							
													</div>
											<div class="pk-share-buttons-item pk-share-buttons-pinterest pk-share-buttons-no-count" data-id="pinterest">

							<a href="https://pinterest.com/pin/create/bookmarklet/?url=https://wp-security.org/hi/vulnerability-database/community-alert-xss-in-json-importercve202515363/&media=https://wp-security.org/wp-content/uploads/2026/03/2026-03-19CVE202515363WordPress-JSON-Content-Importer-Plugin-1024x576.jpg" class="pk-share-buttons-link" target="_blank">

																	<i class="pk-share-buttons-icon pk-icon pk-icon-pinterest"></i>
								
								
																	<span class="pk-share-buttons-label pk-font-primary">इसे पिन करें</span>
								
																	<span class="pk-share-buttons-count pk-font-secondary">0</span>
															</a>

							
							
													</div>
								</div>
		</div>
	

<section class="post-author">

	<div class="authors-compact">

			<div class="author-wrap">
			<div class="author">
				<div class="author-avatar">
					<a href="https://wp-security.org/hi/author/wp-security/" rel="author">
						<img alt='' src='https://secure.gravatar.com/avatar/16bf83a02c7c3aa39247769e866366c2ea8ccfb8bd88a16ef3ac35925a1da888?s=120&#038;d=mm&#038;r=g' srcset='https://secure.gravatar.com/avatar/16bf83a02c7c3aa39247769e866366c2ea8ccfb8bd88a16ef3ac35925a1da888?s=240&#038;d=mm&#038;r=g 2x' class='avatar avatar-120 photo' height='120' width='120' decoding='async'/>					</a>
				</div>
				<div class="author-description">
					<h5 class="title-author">
						<span class="fn">
							<a href="https://wp-security.org/hi/author/wp-security/" rel="author">
								WP Security Vulnerability Report							</a>
						</span>
					</h5>
					<p class="note"></p>
									</div>
			</div>
		</div>
	
	</div>

</section>


<div id="disqus_thread"></div>
	</div>

				</div>
			
	
</article>

					<div class="post-prev-next">
						<a class="link-item prev-link" href="https://wp-security.org/hi/vulnerability-database/secure-community-database-reporting-guidenone/">
					<div class="link-content">
						<div class="link-label">
							<span class="link-arrow"></span><span class="link-text"> — पिछला लेख</span>
						</div>

						<h2 class="entry-title">
							Secure Community Database Reporting Guide(None)						</h2>
					</div>
				</a>
							<a class="link-item next-link" href="https://wp-security.org/hi/vulnerability-database/hong-kong-security-advisory-code-embed-xsscve20262512/">
					<div class="link-content">
						<div class="link-label">
							<span class="link-text">अगला लेख — </span><span class="link-arrow"></span>
						</div>

						<h2 class="entry-title">
							Hong Kong Security Advisory Code Embed XSS(CVE20262512)						</h2>
					</div>
				</a>
				</div>
		<section class="post-archive archive-related">

			<div class="archive-wrap">

				
				<div class="title-block-wrap">
					<h5 class="title-block">
						आपको यह भी पसंद आ सकता है					</h5>
				</div>

				<div class="archive-main archive-list  archive-heading-small archive-borders-enabled archive-shadow-enabled archive-scale-enabled">

					
<article class="entry-without-preview post-3498 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
	<div class="post-outer">
		
		
		<div class="post-inner">
			<div class="meta-category"><a class="category-style" href="https://wp-security.org/hi/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div>			<header class="entry-header">
				<h2 class="entry-title"><a href="https://wp-security.org/hi/vulnerability-database/protect-hong-kong-websites-from-plugin-exploitscve20263045/" rel="bookmark">Protect Hong Kong Websites From Plugin Exploits(CVE20263045)</a></h2><ul class="post-meta"><li class="meta-date">मार्च 17, 2026</li></ul>			</header>

							<div class="entry-details">
											<div class="entry-excerpt">
							Broken Access Control in WordPress Simply Schedule Appointments Plugin						</div>
					
									</div>
			
		</div><!-- .post-inner -->

	</div><!-- .post-outer -->
</article>

<article class="entry-without-preview post-2150 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
	<div class="post-outer">
		
		
		<div class="post-inner">
			<div class="meta-category"><a class="category-style" href="https://wp-security.org/hi/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div>			<header class="entry-header">
				<h2 class="entry-title"><a href="https://wp-security.org/hi/vulnerability-database/community-advisory-bookory-theme-local-file-inclusioncve202568530/" rel="bookmark">Community Advisory Bookory Theme Local File Inclusion(CVE202568530)</a></h2><ul class="post-meta"><li class="meta-date">जनवरी 5, 2026</li></ul>			</header>

							<div class="entry-details">
											<div class="entry-excerpt">
							Local File Inclusion in WordPress Bookory Theme						</div>
					
									</div>
			
		</div><!-- .post-inner -->

	</div><!-- .post-outer -->
</article>

<article class="entry-without-preview post-2673 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
	<div class="post-outer">
		
		
		<div class="post-inner">
			<div class="meta-category"><a class="category-style" href="https://wp-security.org/hi/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div>			<header class="entry-header">
				<h2 class="entry-title"><a href="https://wp-security.org/hi/vulnerability-database/protecting-hong-kong-websites-from-video-xsscve20261608/" rel="bookmark">Protecting Hong Kong Websites from Video XSS(CVE20261608)</a></h2><ul class="post-meta"><li class="meta-date">फ़रवरी 9, 2026</li></ul>			</header>

							<div class="entry-details">
											<div class="entry-excerpt">
							Cross Site Scripting (XSS) in WordPress Video Onclick Plugin						</div>
					
									</div>
			
		</div><!-- .post-inner -->

	</div><!-- .post-outer -->
</article>

<article class="entry-without-preview post-2106 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
	<div class="post-outer">
		
		
		<div class="post-inner">
			<div class="meta-category"><a class="category-style" href="https://wp-security.org/hi/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div>			<header class="entry-header">
				<h2 class="entry-title"><a href="https://wp-security.org/hi/vulnerability-database/securing-wordpress-terms-against-data-exposurecve202562139/" rel="bookmark">Securing WordPress Terms Against Data Exposure(CVE202562139)</a></h2><ul class="post-meta"><li class="meta-date">दिसम्बर 31, 2025</li></ul>			</header>

							<div class="entry-details">
											<div class="entry-excerpt">
							Sensitive Data Exposure in WordPress Terms descriptions Plugin						</div>
					
									</div>
			
		</div><!-- .post-inner -->

	</div><!-- .post-outer -->
</article>

<article class="entry-without-preview post-1591 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
	<div class="post-outer">
		
		
		<div class="post-inner">
			<div class="meta-category"><a class="category-style" href="https://wp-security.org/hi/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div>			<header class="entry-header">
				<h2 class="entry-title"><a href="https://wp-security.org/hi/vulnerability-database/hong-kong-security-advisory-wordpress-blindmatrix-lficve202510406/" rel="bookmark">Hong Kong Security Advisory WordPress BlindMatrix LFI(CVE202510406)</a></h2><ul class="post-meta"><li class="meta-date">अक्टूबर 16, 2025</li></ul>			</header>

							<div class="entry-details">
											<div class="entry-excerpt">
							WordPress BlindMatrix e-Commerce plugin &lt; 3.1 - Contributor+ LFI vulnerability						</div>
					
									</div>
			
		</div><!-- .post-inner -->

	</div><!-- .post-outer -->
</article>

<article class="entry-without-preview post-1684 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
	<div class="post-outer">
		
		
		<div class="post-inner">
			<div class="meta-category"><a class="category-style" href="https://wp-security.org/hi/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div>			<header class="entry-header">
				<h2 class="entry-title"><a href="https://wp-security.org/hi/vulnerability-database/public-security-advisory-events-calendar-sql-injectioncve202512197/" rel="bookmark">Public Security Advisory Events Calendar SQL Injection(CVE202512197)</a></h2><ul class="post-meta"><li class="meta-date">नवम्बर 8, 2025</li></ul>			</header>

							<div class="entry-details">
											<div class="entry-excerpt">
							WordPress The Events Calendar plugin 6.15.1.1 - 6.15.9 - Unauthenticated SQL Injection via s vulnerability						</div>
					
									</div>
			
		</div><!-- .post-inner -->

	</div><!-- .post-outer -->
</article>
				</div>

			</div>

		</section>
	
	
	
			
			
		</main>

		
	</div><!-- .content-area -->


						
					</div><!-- .main-content -->

					
				</div><!-- .cs-container -->

				
			</div><!-- .site-content -->

			
			
			<footer id="colophon" class="site-footer">
									<div class="footer-subscribe">
						<div class="cs-container">
							<div class="subscribe-wrap">
															</div>
						</div>
					</div>
					
				
				<div class="footer-info">

					<div class="cs-container">

						<div class="site-info">

							<div class="footer-col-info">
																	<span class="site-title footer-title" href="https://wp-security.org/hi/" rel="home">
										
										<img src="https://wp-security.org/wp-content/uploads/2025/08/WP-Security-logo-1-e1754494371106.png"  alt="WP Security" >									</span>
																										<div class="footer-copyright">
										© 2025 WP-Security.org Disclaimer: WP-Security.org is an independent, non-profit NGO community committed to sharing WordPress security news and information. We are not affiliated with WordPress, its parent company, or any related entities. All trademarks are the property of their respective owners.									</div>
																</div>

							
							
						</div>

					</div>

				</div>

			</footer>

			
		</div>

	</div><!-- .site-inner -->

	
</div><!-- .site -->


<template id="tp-language" data-tp-language="hi_IN"></template><script type="speculationrules">
{"prefetch":[{"source":"document","where":{"and":[{"href_matches":"/hi/*"},{"not":{"href_matches":["/wp-*.php","/wp-admin/*","/wp-content/uploads/*","/wp-content/*","/wp-content/plugins/*","/wp-content/themes/squaretype/*","/hi/*\\?(.+)"]}},{"not":{"selector_matches":"a[rel~=\"nofollow\"]"}},{"not":{"selector_matches":".no-prefetch, .no-prefetch a"}}]},"eagerness":"conservative"}]}
</script>
			<a href="#top" class="pk-scroll-to-top">
				<i class="pk-icon pk-icon-up"></i>
			</a>
					<div class="pk-mobile-share-overlay">
							</div>
			
			<script type="text/javascript">
				var _paq = _paq || [];
					_paq.push(['setCustomDimension', 1, '{"ID":3,"name":"WP Security Vulnerability Report","avatar":"f7de7e299d4a4b4c92c6f2c2a29a7ca7"}']);
				_paq.push(['trackPageView']);
								(function () {
					var u = "https://analytics2.wpmudev.com/";
					_paq.push(['setTrackerUrl', u + 'track/']);
					_paq.push(['setSiteId', '24942']);
					var d   = document, g = d.createElement('script'), s = d.getElementsByTagName('script')[0];
					g.type  = 'text/javascript';
					g.async = true;
					g.defer = true;
					g.src   = 'https://analytics.wpmucdn.com/matomo.js';
					s.parentNode.insertBefore(g, s);
				})();
			</script>
			<script id='kirki-viewport-lists'>var kirkiViewports = {"md":{"value":1200,"scale":1,"minWidth":1200,"maxWidth":1200,"title":"Desktop","icon":"desktop","activeIcon":"desktop-hover","id":"md","type":"max"},"tablet":{"value":991,"scale":1,"minWidth":991,"maxWidth":991,"title":"Tablet","icon":"tablet-default","activeIcon":"tablet-hover","type":"max","id":"tablet"},"mobileLandscape":{"value":767,"scale":1,"minWidth":767,"maxWidth":767,"title":"Landscape","icon":"phone-hr-default","activeIcon":"phone-hr-hover","type":"max","id":"mobileLandscape"},"mobile":{"value":575,"scale":1,"minWidth":575,"maxWidth":575,"title":"Mobile","icon":"phone-vr-default","activeIcon":"phone-vr-hover","type":"max","id":"mobile"}};</script><script id='kirki-variable-lists'>var kirkiCSSVariable = {"data":[{"title":"Colors","key":"color","modes":[{"title":"Default","key":"default"}],"variables":[]},{"title":"Numbers","key":"size","modes":[{"title":"Default","key":"default"}],"variables":[]},{"title":"Font Family","key":"font-family","modes":[{"title":"Default","key":"default"}],"variables":[]},{"title":"Text Styles","key":"text-style","modes":[{"title":"Default","key":"default"}],"variables":[]}]};</script><script id="kirki-api-and-nonce">
    window.wp_kirki = {
        ajaxUrl: "https://wp-security.org/wp-admin/admin-ajax.php",
        restUrl: "https://wp-security.org/hi/wp-json/",
        siteUrl: "https://wp-security.org",
        apiVersion: "v1",
        postId: "3543",
        nonce: "72270e053a",
        call_from: "",
        templateId: "",
        context: {"id":3543,"type":"post"}
    };
    </script><script type="importmap" id="wp-importmap">
{"imports":{"@wordpress/interactivity":"https://wp-security.org/wp-includes/js/dist/script-modules/interactivity/index.min.js?ver=66c613f68580994bb00a","@surecart/checkout":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout/index.js?ver=3bbe28b8db1e11147c67","@surecart/checkout-events":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout-events/index.js?ver=ed9647bd6c7865efe2ad","@surecart/checkout-service":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout-actions/index.js?ver=e445a0ee0396d75d52c0","@surecart/google-events":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/google/index.js?ver=d92e383a18bcf54ea538","@surecart/facebook-events":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/facebook/index.js?ver=cf5c6499cb7b867894c1","@wordpress/a11y":"https://wp-security.org/wp-includes/js/dist/script-modules/a11y/index.min.js?ver=b7d06936b8bc23cff2ad","@surecart/api-fetch":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/fetch/index.js?ver=1bfba8ea0694a193022a"}}
</script>
<script type="module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/line-item-note/index.js?ver=af6cf14267b5a9ad219f" id="@surecart/line-item-note-js-module"></script>
<script type="module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout/index.js?ver=3bbe28b8db1e11147c67" id="@surecart/checkout-js-module"></script>
<script type="module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/cart/index.js?ver=c2f35b71b4309df849fe" id="@surecart/cart-js-module"></script>
<script type="module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/order-bumps/index.js?ver=c639def39210a6244eb2" id="@surecart/order-bumps-js-module"></script>
<script type="application/json" id="wp-script-module-data-@wordpress/interactivity">
{"state":{"surecart/order-bumps":{"currentPage":1,"perPage":3},"surecart/checkout":{"checkout":{"line_items":{"data":[]}},"discountIsRedeemable":false,"isDiscountApplied":false,"hasDiscountAmount":false,"hasSubtotalScratchAmount":false,"itemsCount":0,"hasItems":false}}}
</script>
		<div id="fb-root"></div>
		<script async defer crossorigin="anonymous" src="https://connect.facebook.net/hi_IN/sdk.js#xfbml=1&version=v17.0&appId=&autoLogAppEvents=1" nonce="Ci8te34e"></script>
					<script>
					window.scFetchData =
					{"root_url":"https:\/\/wp-security.org\/hi\/wp-json\/","nonce":"72270e053a","nonce_endpoint":"https:\/\/wp-security.org\/wp-admin\/admin-ajax.php?action=sc-rest-nonce"}				</script>
				<!-- Render the cart. --> <div data-wp-context='{"formId":131,"mode":"live"}' data-wp-interactive='{ "namespace": "surecart/checkout" }' data-wp-init="callbacks.init" data-wp-watch="callbacks.onChangeCheckout" data-wp-on-window--storage="callbacks.syncTabs" class="sc-cart-wrapper is-layout-flow wp-container-surecart-slide-out-cart-is-layout-d6743c7d wp-block-surecart-slide-out-cart-is-layout-flow" > <div style="width: 525px; font-size:15px;" class="sc-drawer sc-cart-drawer wp-block-surecart-slide-out-cart" role="dialog" data-wp-bind--aria-label="surecart/cart::state.ariaLabel" data-wp-class--open="surecart/cart::state.open" data-wp-on--keydown="surecart/cart::actions.handleKeydown" > <!-- Cart alert --> <div class="sc-alert sc-alert__alert--danger" role="alert" aria-live="assertive" aria-atomic="true" data-wp-bind--hidden="!state.error" hidden> <div class="sc-alert__icon"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <circle cx="12" cy="12" r="10" /> <line x1="12" y1="8" x2="12" y2="12" /> <line x1="12" y1="16" x2="12.01" y2="16" /> </svg> </div> <div class="sc-alert__text"> <div class="sc-alert__title"> <span data-wp-text="state.errorTitle"></span> </div> <div class="sc-alert__message"> <div data-wp-text="state.errorMessage"></div> <template data-wp-each--message="state.additionalErrors"> <div> <span data-wp-text="context.message"></span> </div> </template> </div> </div> </div> <div class="wp-block-group is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-09de181c wp-block-group-is-layout-flex" style="padding-top:1.5em;padding-right:2em;padding-bottom:0em;padding-left:2em"> <div style="line-height:1;" class="wp-block-surecart-cart-close-button" data-wp-on--click="surecart/cart::actions.toggle" data-wp-on--keypress="surecart/cart::actions.toggle" role="button" tabindex="0" aria-label="कार्ट बंद करें" > <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="5" y1="12" x2="19" y2="12" /> <polyline points="12 5 19 12 12 19" /> </svg> </div> <p style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;font-size:16px;font-style:normal;font-weight:500;line-height:1"> मेरा ऑर्डर देखें</p> <span style="font-size:14px;font-weight:600;line-height:1; border-radius:4px; padding-top:6px;padding-bottom:6px;padding-left:10px;padding-right:10px;" class="wp-block-surecart-cart-count" data-wp-text="state.itemsCount">0</span> </div> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"> <div style="padding-top:2em;padding-bottom:2em;padding-left:2em;padding-right:2em;" class="wp-block-surecart-slide-out-cart-line-items is-layout-flow wp-container-surecart-slide-out-cart-line-items-is-layout-546f3c6d wp-block-surecart-slide-out-cart-line-items-is-layout-flow" role="list"> <template data-wp-each--line_item="state.checkoutLineItems" data-wp-each-key="context.line_item.id" > <div class="sc-product-line-item" data-wp-class--sc-product-line-item--has-swap="state.swap" role="listitem" data-wp-bind--aria-label="state.lineItemAriaLabel"> <div class="sc-product-line-item__content"> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"> <div class="wp-block-group is-nowrap is-layout-flex wp-container-core-group-is-layout-bd3f9bef wp-block-group-is-layout-flex"> <figure class="sc-cart-line-item-image-wrap wp-container-content-962be591 wp-duotone-unset-1" data-wp-bind--hidden="!context.line_item.image.src"> <img style="aspect-ratio:1;border-radius:4px;border-width:1px;margin-top:0;margin-bottom:0; margin-top:0;margin-bottom:0;" class="sc-is-covered wp-block-surecart-cart-line-item-image" data-wp-bind--alt="context.line_item.image.alt" data-wp-bind--srcset="context.line_item.image.srcset" data-wp-bind--sizes="context.line_item.image.sizes" data-wp-bind--src="context.line_item.image.src" loading="lazy" /> </figure> <div class="wp-block-group wp-container-content-9cfa9a5a is-vertical is-content-justification-stretch is-nowrap is-layout-flex wp-container-core-group-is-layout-a46423eb wp-block-group-is-layout-flex"> <div class="wp-block-group wp-container-content-9cfa9a5a is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-eb80f53d wp-block-group-is-layout-flex"> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-d6743c7d wp-block-group-is-layout-flow"> <a style="font-style:normal;font-weight:500;line-height:1.4;text-decoration:none;" class="wp-block-surecart-cart-line-item-title" data-wp-bind--href="state.lineItemPermalink"> <span data-wp-text="context.line_item.price.product.name"></span> </a> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-d6743c7d wp-block-group-is-layout-flow"> <div style="font-size:14px;line-height:1.4;" class="wp-block-surecart-cart-line-item-price-name" data-wp-text="state.lineItemPriceName" data-wp-bind--hidden="!state.lineItemPriceName"></div> <div style="font-size:14px;line-height:1.4;" class="wp-block-surecart-cart-line-item-variant" data-wp-text="state.lineItemVariant" data-wp-bind--hidden="!state.lineItemVariant"></div> <div data-wp-interactive='{ "namespace": "surecart/line-item-note" }' style="font-size:14px;line-height:1.4;" class="wp-block-surecart-cart-line-item-note" data-wp-context='{}' data-wp-run="callbacks.init" data-wp-class--line-item-note--is-expanded="context.noteExpanded" data-wp-class--line-item-note--is-collapsible="context.showToggle" data-wp-bind--hidden="surecart/checkout::!state.lineItemNote" data-wp-on--click="actions.toggleNoteExpanded" data-wp-on--keydown="actions.toggleNoteExpanded" data-wp-bind--role="button" data-wp-bind--disabled="!context.showToggle" data-wp-bind--aria-expanded="context.noteExpanded" data-wp-bind--aria-label="Toggle note visibility" tabindex="0" > <div class="line-item-note__text" data-wp-text="surecart/checkout::state.lineItemNote" ></div> <span class="sc-icon" data-wp-class--sc-icon--rotated="context.noteExpanded" > <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <polyline points="6 9 12 15 18 9" /> </svg> </span> </div> </div></div> <div class="sc-product-line-item__purchasable-status wp-block-surecart-cart-line-item-status has-text-align-right" data-wp-text="context.line_item.purchasable_status_display" data-wp-bind--hidden="!context.line_item.purchasable_status_display" role="status" aria-live="polite" aria-atomic="true" >&nbsp;</div> </div></div> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-d6743c7d wp-block-group-is-layout-flow"> <div class="wp-block-group is-content-justification-right is-nowrap is-layout-flex wp-container-core-group-is-layout-f8a47911 wp-block-group-is-layout-flex" style="line-height:1.4"> <div class="wp-block-surecart-cart-line-item-scratch-amount" data-wp-text="context.line_item.scratch_display_amount" data-wp-bind--hidden="!state.lineItemHasScratchAmount" ></div> <div style="font-style:normal;font-weight:500;" class="wp-block-surecart-cart-line-item-amount has-text-align-right" data-wp-text="context.line_item.subtotal_display_amount"></div> <div style="font-size:14px;" class="wp-block-surecart-cart-line-item-interval" data-wp-bind--hidden="!context.line_item.price.short_interval_text"> <span class="wp-block-surecart-cart-line-item-interval__interval" data-wp-bind--hidden="!context.line_item.price.short_interval_text" data-wp-text="context.line_item.price.short_interval_text" ></span> <span class="wp-block-surecart-cart-line-item-interval__count" data-wp-bind--hidden="!context.line_item.price.short_interval_count_text" data-wp-text="context.line_item.price.short_interval_count_text" ></span> </div> </div> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-d6743c7d wp-block-group-is-layout-flow"> <div style="font-size:14px;" class="wp-block-surecart-cart-line-item-trial has-text-align-right" data-wp-bind--hidden="!context.line_item.price.trial_text" data-wp-text="context.line_item.price.trial_text" ></div> <template data-wp-each--fee="state.lineItemFees" data-wp-each-key="context.fee.id" > <div style="font-size:14px;" class="wp-block-surecart-cart-line-item-fees has-text-align-right"> <span style="font-size:14px;" class="wp-block-surecart-cart-line-item-fees has-text-align-right" data-wp-text="context.fee.display_amount" ></span> <span style="font-size:14px;" class="wp-block-surecart-cart-line-item-fees has-text-align-right" data-wp-text="context.fee.description" ></span> </div> </template> </div></div> </div></div> </div> <div class="wp-block-group is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-c0dd7891 wp-block-group-is-layout-flex"> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"><div class="sc-input-group sc-input-group-sm sc-quantity-selector wp-block-surecart-cart-line-item-quantity" data-wp-class--quantity--disabled="state.isQuantityDisabled" data-wp-bind--hidden="!state.isEditable" hidden="1"> <div class="sc-input-group-text sc-quantity-selector__decrease" role="button" tabindex="0" data-wp-on--click="surecart/checkout::actions.onQuantityDecrease" data-wp-on--keydown="surecart/checkout::actions.onQuantityDecrease" data-wp-bind--disabled="state.isQuantityDecreaseDisabled" data-wp-bind--aria-disabled="state.isQuantityDecreaseDisabled" data-wp-class--button--disabled="state.isQuantityDecreaseDisabled" data-wp-bind--aria-label="surecart/checkout::state.decreaseQuantityAriaLabel" > <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="5" y1="12" x2="19" y2="12" /> </svg> </div> <input type="number" class="sc-form-control sc-quantity-selector__control" data-wp-bind--value="context.line_item.quantity" data-wp-on--change="surecart/checkout::actions.onQuantityChange" data-wp-bind--min="context.line_item.min" data-wp-bind--aria-valuemin="context.line_item.min" data-wp-bind--max="context.line_item.max" data-wp-bind--aria-valuemax="context.line_item.max" data-wp-bind--aria-valuenow="context.line_item.quantity" data-wp-bind--disabled="surecart/checkout::state.loading" data-wp-bind--aria-label="surecart/checkout::state.quantityInputAriaLabel" step="1" autocomplete="off" role="spinbutton" /> <div class="sc-input-group-text sc-quantity-selector__increase" role="button" tabindex="0" data-wp-on--click="surecart/checkout::actions.onQuantityIncrease" data-wp-on--keydown="surecart/checkout::actions.onQuantityIncrease" data-wp-bind--disabled="state.isQuantityIncreaseDisabled" data-wp-bind--aria-disabled="state.isQuantityIncreaseDisabled" data-wp-class--button--disabled="state.isQuantityIncreaseDisabled" data-wp-bind--aria-label="surecart/checkout::state.increaseQuantityAriaLabel" > <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="12" y1="5" x2="12" y2="19" /> <line x1="5" y1="12" x2="19" y2="12" /> </svg> </div> </div> </div></div> <div class="wp-block-group is-vertical is-content-justification-right is-layout-flex wp-container-core-group-is-layout-4269a6fd wp-block-group-is-layout-flex"> <div style="font-size:14px;font-style:normal;font-weight:400;" class="wp-block-surecart-cart-line-item-remove" data-wp-bind--aria-label="surecart/checkout::state.removeItemAriaLabel" data-wp-on--click="surecart/checkout::actions.removeLineItem" data-wp-on--keydown="surecart/checkout::actions.removeLineItem" role="button" tabindex="0" > <svg class="wp-block-surecart-cart-line-item-remove__icon" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="18" y1="6" x2="6" y2="18" /> <line x1="6" y1="6" x2="18" y2="18" /> </svg> <span class="wp-block-surecart-cart-line-item-remove__label"> हटाएँ </span> </div> </div> </div> </div> </div> </div></div> </div> <div class="sc-product-line-item__swap" data-wp-bind--hidden="!state.swap" hidden data-wp-on--click="actions.toggleSwap"> <div class="sc-product-line-item__swap-content"> <button type="button" class="sc-toggle" role="switch" aria-checked="false" data-wp-bind--aria-checked="context.line_item.swap" data-wp-class--sc-toggle--checked="context.line_item.swap"> <span class="sc-toggle__label">सेटिंग का उपयोग करें</span> <span aria-hidden="true" class="sc-toggle__knob"></span> </button> <span data-wp-text="state.swap.description"></span> </div> <div class="sc-product-line-item__swap-amount"> <span data-wp-text="state.swapDisplayAmount" class="sc-product-line-item__swap-amount-value"></span> <span data-wp-text="state.swapIntervalText" class="sc-product-line-item__swap-amount-interval"></span> <span data-wp-text="state.swapIntervalCountText" class="sc-product-line-item__swap-amount-interval-count"></span> </div> </div> </div> </template> </div> </div></div> <div class="wp-block-group" style="border-top-color:#b0b0b069;border-top-width:1px;padding-top:0em;padding-right:0em;padding-bottom:0em;padding-left:0em"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"> <div style="border-bottom-width:1px;border-bottom-color:#b0b0b069; padding-top:1.5em;padding-bottom:1.5em;padding-left:2em;padding-right:2em;" class="wp-block-surecart-cart-order-bumps" data-wp-context='{"hideAddedItems":true}' data-wp-interactive='{ "namespace": "surecart/order-bumps" }' data-wp-init="callbacks.init" data-wp-bind--hidden="!state.hasOrderBumps" hidden> <div class="wp-block-group is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-1ceffb7a wp-block-group-is-layout-flex" style="margin-bottom:0.75em"> <p style="margin-top:0;margin-bottom:0;font-style:normal;font-weight:500">आपके लिए सुझाया गया</p> <nav class="wp-block-surecart-cart-order-bump-pagination is-layout-flex wp-container-surecart-cart-order-bump-pagination-is-layout-d04bdab2 wp-block-surecart-cart-order-bump-pagination-is-layout-flex" data-wp-bind--hidden="!state.showPagination" aria-label="ऑर्डर बम्प्स पेजिनेशन" hidden> <div aria-disabled="true" disabled class="has-arrow-type-chevron wp-block-surecart-cart-order-bump-pagination-previous" data-wp-on--click="surecart/order-bumps::actions.previousPage" data-wp-on--keydown="surecart/order-bumps::actions.handlePreviousKeydown" data-wp-bind--disabled="!state.hasPreviousPage" data-wp-bind--aria-disabled="!state.hasPreviousPage" aria-label="पिछला पृष्ठ" role="button" tabindex="0" > <svg aria-hidden="true" class="wp-block-surecart-cart-order-bump-pagination-previous__icon" xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <polyline points="15 18 9 12 15 6" /> </svg> </div> <div aria-disabled="true" disabled class="has-arrow-type-chevron wp-block-surecart-cart-order-bump-pagination-next" data-wp-on--click="surecart/order-bumps::actions.nextPage" data-wp-on--keydown="surecart/order-bumps::actions.handleNextKeydown" data-wp-bind--disabled="!state.hasNextPage" data-wp-bind--aria-disabled="!state.hasNextPage" aria-label="अगला पृष्ठ" role="button" tabindex="0" > <svg aria-hidden="true" class="wp-block-surecart-cart-order-bump-pagination-next__icon" xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <polyline points="9 18 15 12 9 6" /> </svg> </div> </nav> </div> <ul class="wp-block-surecart-cart-order-bump-template is-layout-flex wp-container-surecart-cart-order-bump-template-is-layout-242c3b10 wp-block-surecart-cart-order-bump-template-is-layout-flex" role="list" data-wp-class--has-overflow="state.hasMultipleBumps" data-wp-on--scrollend="callbacks.onCarouselScroll" data-wp-on--keydown="actions.handleCarouselKeydown" tabindex="0" data-wp-bind--aria-label="state.orderBumpsListAriaLabel" > <template data-wp-each--bump="state.orderBumps" data-wp-each-key="context.bump.id" > <li class="sc-cart-order-bump-item" role="listitem"> <div class="wp-block-group has-border-color wp-container-content-9cfa9a5a is-nowrap is-layout-flex wp-container-core-group-is-layout-811b0336 wp-block-group-is-layout-flex" style="border-color:#e0e0e0;border-width:1px;border-radius:12px;padding-top:0.75em;padding-right:1em;padding-bottom:0.75em;padding-left:0.75em"> <figure class="sc-cart-order-bump-image-wrap wp-container-content-d0d0a6b5" data-wp-bind--hidden="!context.bump.price.product.line_item_image.src"> <img style="aspect-ratio:1;width:72px;border-radius:8px;" class="sc-is-covered wp-block-surecart-cart-order-bump-image" data-wp-bind--alt="context.bump.price.product.name" data-wp-bind--src="context.bump.price.product.line_item_image.src" loading="lazy" /> </figure> <div class="wp-block-group wp-container-content-9cfa9a5a is-vertical is-layout-flex wp-container-core-group-is-layout-42e9c677 wp-block-group-is-layout-flex"> <span style="font-size:15px;font-weight:600;line-height:1.3;" class="wp-block-surecart-cart-order-bump-title" data-wp-text="context.bump.name" ></span> <div style="color:#6b7280; font-size:13px;line-height:1.3;" class="wp-block-surecart-cart-order-bump-description has-text-color" data-wp-bind--hidden="!context.bump.metadata.description" data-wp-text="context.bump.metadata.description" hidden></div> <div class="wp-block-group is-nowrap is-layout-flex wp-container-core-group-is-layout-89a94f6a wp-block-group-is-layout-flex"> <div style="font-size:14px;" class="wp-block-surecart-cart-order-bump-scratch-amount" data-wp-text="context.bump.subtotal_display_amount" data-wp-bind--hidden="!state.bumpHasDiscount" ></div> <div style="font-size:14px;font-weight:500;" class="wp-block-surecart-cart-order-bump-amount" data-wp-text="context.bump.total_display_amount"></div> </div> </div> <div style="font-size:18px;font-weight:400; border-color:#d1d5db;border-top-left-radius:74.6%;border-top-right-radius:74.6%;border-bottom-left-radius:74.6%;border-bottom-right-radius:74.6%;border-width:1px; padding-top:0.5em;padding-bottom:0.5em;padding-left:0.5em;padding-right:0.5em;" class="sc-cart-order-bump-add-button wp-block-surecart-cart-order-bump-add-button has-border-color" role="button" tabindex="0" data-wp-on--click="surecart/order-bumps::actions.addBumpToCart" data-wp-on--keydown="surecart/order-bumps::actions.handleAddButtonKeydown" data-wp-bind--disabled="state.isBumpInCart" data-wp-bind--aria-disabled="state.isBumpInCart" data-wp-class--sc-cart-order-bump-add-button--added="state.isBumpInCart" data-wp-bind--aria-label="state.addButtonAriaLabel" aria-label="कार्ट में जोड़ें" > <span class="sc-cart-order-bump-add-button__icon" aria-hidden="true" data-wp-bind--hidden="state.isBumpInCart"> <svg aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="12" y1="5" x2="12" y2="19" /> <line x1="5" y1="12" x2="19" y2="12" /> </svg> </span> <span class="sc-cart-order-bump-add-button__icon" aria-hidden="true" data-wp-bind--hidden="!state.isBumpInCart" hidden> <svg aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <polyline points="20 6 9 17 4 12" /> </svg> </span> </div> </div> </li> </template> </ul> </div> <div class="wp-block-group" style="margin-top:0;margin-bottom:0;padding-top:2em;padding-right:2em;padding-bottom:2em;padding-left:2em"><div class="wp-block-group__inner-container is-layout-constrained wp-container-core-group-is-layout-a63a6252 wp-block-group-is-layout-constrained"> <div class="wp-block-surecart-slide-out-cart-items-subtotal is-content-justification-space-between is-nowrap is-layout-flex wp-container-surecart-slide-out-cart-items-subtotal-is-layout-7351673c wp-block-surecart-slide-out-cart-items-subtotal-is-layout-flex"> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-d6743c7d wp-block-group-is-layout-flow"> <p style="margin-top:0px;margin-bottom:0px;font-size:18px;font-style:normal;font-weight:500;line-height:1.4"> उप-योग</p> <p class="has-text-color has-link-color wp-elements-3ccbd622ec95a2fb9ce4984e15710a06" style="color:var(--sc-input-help-text-color);font-size:14px;line-height:1.4">चेकआउट पर कर और शिपिंग की गणना की गई</p> </div></div> <div class="wp-block-group is-content-justification-right is-nowrap is-layout-flex wp-container-core-group-is-layout-f8a47911 wp-block-group-is-layout-flex"><span style="font-size:18px;line-height:1.4;" class="wp-block-surecart-cart-subtotal-scratch-amount" data-wp-text="state.checkout.subtotal_scratch_display_amount" data-wp-bind--hidden="!state.hasSubtotalScratchAmount" data-wp-bind--aria-label="state.subtotalScratchAriaLabel" hidden></span> <span style="font-size:18px;font-style:normal;font-weight:500;line-height:1.4;" class="wp-block-surecart-cart-subtotal-amount" data-wp-text="state.checkout.subtotal_display_amount"></span> </div> </div> <div class="sc-cart-items-submit__wrapper" style="" > <div class="wp-block-button"> <a style="border-radius:4px;" class="wp-block-button__link wp-element-button sc-button__link wp-block-surecart-slide-out-cart-items-submit" href="https://wp-security.org/hi/checkout/" data-wp-bind--disabled="state.loading" data-wp-class--sc-button__link--busy="state.loading" > <span class="sc-spinner" aria-hidden="false"></span> <span class="sc-button__link-text">चेकआउट</span> </a> </div> </div> </div></div> </div></div> <div class="sc-block-ui" data-wp-bind--hidden="!state.loading" hidden></div> </div> <!-- backdrop --> <div class="sc-drawer__backdrop" data-wp-on--mousedown="surecart/cart::actions.closeOverlay" data-wp-on--touchstart="surecart/cart::actions.closeOverlay" data-wp-class--show="surecart/cart::state.open" data-wp-on--keydown="surecart/cart::actions.handleKeydown"></div> </div> <!-- Render floating cart icon --> <div data-wp-interactive='{ "namespace": "surecart/checkout" }' class="wp-block-surecart-cart-icon" data-wp-context='{"formId":131,"mode":"live"}' data-wp-on--click="surecart/cart::actions.toggle" data-wp-on--keydown="surecart/cart::actions.toggle" tabindex="0" role="button" data-wp-bind--hidden="!state.hasItems" hidden> <div class="wp-block-surecart-cart-icon__container"> <div class="wp-block-surecart-cart-icon__icon" aria-label="कार्ट बटन।."> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <path d="M6 2L3 6v14a2 2 0 0 0 2 2h14a2 2 0 0 0 2-2V6l-3-4z" /> <line x1="3" y1="6" x2="21" y2="6" /> <path d="M16 10a4 4 0 0 1-8 0" /> </svg> </div> <span class="wp-block-surecart-cart-icon__count" data-wp-text="state.itemsCount" data-wp-bind--aria-label="state.itemsCountAriaLabel" >0</span> </div> </div><script src="https://wp-security.org/wp-includes/js/dist/url.min.js?ver=9e178c9516d1222dc834" id="wp-url-js"></script>
<script src="https://wp-security.org/wp-includes/js/dist/hooks.min.js?ver=dd5603f07f9220ed27f1" id="wp-hooks-js"></script>
<script src="https://wp-security.org/wp-includes/js/dist/i18n.min.js?ver=c26c3dc7bed366793375" id="wp-i18n-js"></script>
<script id="wp-i18n-js-after">
wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ 'ltr' ] } );
//# sourceURL=wp-i18n-js-after
</script>
<script id="wp-api-fetch-js-translations">
( function( domain, translations ) {
	var localeData = translations.locale_data[ domain ] || translations.locale_data.messages;
	localeData[""].domain = domain;
	wp.i18n.setLocaleData( localeData, domain );
} )( "default", {"translation-revision-date":"2024-02-25 08:05:38+0000","generator":"GlotPress\/4.0.1","domain":"messages","locale_data":{"messages":{"":{"domain":"messages","plural-forms":"nplurals=2; plural=n != 1;","lang":"hi_IN"},"The response is not a valid JSON response.":["\u092a\u094d\u0930\u0924\u093f\u0915\u094d\u0930\u093f\u092f\u093e \u0935\u0948\u0927 JSON \u092a\u094d\u0930\u0924\u093f\u0915\u094d\u0930\u093f\u092f\u093e \u0928\u0939\u0940\u0902 \u0939\u0948\u0964"],"An unknown error occurred.":["\u090f\u0915 \u0905\u091c\u094d\u091e\u093e\u0924 \u0924\u094d\u0930\u0941\u091f\u093f \u0939\u0941\u0908\u0964"],"Media upload failed. If this is a photo or a large image, please scale it down and try again.":["\u092e\u0940\u0921\u093f\u092f\u093e \u0905\u092a\u0932\u094b\u0921 \u0935\u093f\u092b\u0932 \u0930\u0939\u093e\u0964 \u092f\u0926\u093f \u092f\u0939 \u090f\u0915 \u092b\u093c\u094b\u091f\u094b \u092f\u093e \u092c\u0921\u093c\u0940 \u091b\u0935\u093f \u0939\u0948, \u0924\u094b \u0915\u0943\u092a\u092f\u093e \u0907\u0938\u0947 \u0928\u0940\u091a\u0947 \u092a\u0948\u092e\u093e\u0928\u0947 \u092a\u0930 \u0930\u0916\u0947\u0902 \u0914\u0930 \u092a\u0941\u0928\u0903 \u092a\u094d\u0930\u092f\u093e\u0938 \u0915\u0930\u0947\u0902\u0964"],"You are probably offline.":["\u0906\u092a \u0936\u093e\u092f\u0926 \u0911\u092b\u093c\u0932\u093e\u0907\u0928 \u0939\u0948\u0902\u0964"]}},"comment":{"reference":"wp-includes\/js\/dist\/api-fetch.js"}} );
//# sourceURL=wp-api-fetch-js-translations
</script>
<script src="https://wp-security.org/wp-includes/js/dist/api-fetch.min.js?ver=3a4d9af2b423048b0dee" id="wp-api-fetch-js"></script>
<script id="wp-api-fetch-js-after">
wp.apiFetch.use( wp.apiFetch.createRootURLMiddleware( "https://wp-security.org/hi/wp-json/" ) );
wp.apiFetch.nonceMiddleware = wp.apiFetch.createNonceMiddleware( "72270e053a" );
wp.apiFetch.use( wp.apiFetch.nonceMiddleware );
wp.apiFetch.use( wp.apiFetch.mediaUploadMiddleware );
wp.apiFetch.nonceEndpoint = "https://wp-security.org/wp-admin/admin-ajax.php?action=rest-nonce";
//# sourceURL=wp-api-fetch-js-after
</script>
<script src="https://wp-security.org/wp-includes/js/dist/dom-ready.min.js?ver=f77871ff7694fffea381" id="wp-dom-ready-js"></script>
<script id="wp-a11y-js-translations">
( function( domain, translations ) {
	var localeData = translations.locale_data[ domain ] || translations.locale_data.messages;
	localeData[""].domain = domain;
	wp.i18n.setLocaleData( localeData, domain );
} )( "default", {"translation-revision-date":"2024-02-25 08:05:38+0000","generator":"GlotPress\/4.0.1","domain":"messages","locale_data":{"messages":{"":{"domain":"messages","plural-forms":"nplurals=2; plural=n != 1;","lang":"hi_IN"},"Notifications":["\u0938\u0942\u091a\u0928\u093e\u090f\u0902"]}},"comment":{"reference":"wp-includes\/js\/dist\/a11y.js"}} );
//# sourceURL=wp-a11y-js-translations
</script>
<script src="https://wp-security.org/wp-includes/js/dist/a11y.min.js?ver=cb460b4676c94bd228ed" id="wp-a11y-js"></script>
<script id="trp-dynamic-translator-js-extra">
var trp_data = {"trp_custom_ajax_url":"https://wp-security.org/wp-content/plugins/translatepress-multilingual/includes/trp-ajax.php","trp_wp_ajax_url":"https://wp-security.org/wp-admin/admin-ajax.php","trp_language_to_query":"hi_IN","trp_original_language":"en_US","trp_current_language":"hi_IN","trp_skip_selectors":["[data-no-translation]","[data-no-dynamic-translation]","[data-trp-translate-id-innertext]","script","style","head","trp-span","translate-press","[data-trp-translate-id]","[data-trpgettextoriginal]","[data-trp-post-slug]"],"trp_base_selectors":["data-trp-translate-id","data-trpgettextoriginal","data-trp-post-slug"],"trp_attributes_selectors":{"text":{"accessor":"outertext","attribute":false},"block":{"accessor":"innertext","attribute":false},"image_src":{"selector":"img[src]","accessor":"src","attribute":true},"submit":{"selector":"input[type='submit'],input[type='button'], input[type='reset']","accessor":"value","attribute":true},"placeholder":{"selector":"input[placeholder],textarea[placeholder]","accessor":"placeholder","attribute":true},"title":{"selector":"[title]","accessor":"title","attribute":true},"a_href":{"selector":"a[href]","accessor":"href","attribute":true},"button":{"accessor":"outertext","attribute":false},"option":{"accessor":"innertext","attribute":false},"aria_label":{"selector":"[aria-label]","accessor":"aria-label","attribute":true},"video_src":{"selector":"video[src]","accessor":"src","attribute":true},"video_poster":{"selector":"video[poster]","accessor":"poster","attribute":true},"video_source_src":{"selector":"video source[src]","accessor":"src","attribute":true},"audio_src":{"selector":"audio[src]","accessor":"src","attribute":true},"audio_source_src":{"selector":"audio source[src]","accessor":"src","attribute":true},"picture_image_src":{"selector":"picture image[src]","accessor":"src","attribute":true},"picture_source_srcset":{"selector":"picture source[srcset]","accessor":"srcset","attribute":true}},"trp_attributes_accessors":["outertext","innertext","src","value","placeholder","title","href","aria-label","poster","srcset"],"gettranslationsnonceregular":"b3ba52ef04","showdynamiccontentbeforetranslation":"","skip_strings_from_dynamic_translation":[],"skip_strings_from_dynamic_translation_for_substrings":{"href":["amazon-adsystem","googleads","g.doubleclick"]},"duplicate_detections_allowed":"100","trp_translate_numerals_opt":"no","trp_no_auto_translation_selectors":["[data-no-auto-translation]"]};
//# sourceURL=trp-dynamic-translator-js-extra
</script>
<script src="https://wp-security.org/wp-content/plugins/translatepress-multilingual/assets/js/trp-translate-dom-changes.js?ver=3.1.8" id="trp-dynamic-translator-js"></script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/assets/js/_scripts.js?ver=3.0.7" id="powerkit-js"></script>
<script src="https://wp-security.org/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=6.1.5" id="swv-js"></script>
<script id="contact-form-7-js-before">
var wpcf7 = {
    "api": {
        "root": "https:\/\/wp-security.org\/hi\/wp-json\/",
        "namespace": "contact-form-7\/v1"
    },
    "cached": 1
};
//# sourceURL=contact-form-7-js-before
</script>
<script src="https://wp-security.org/wp-content/plugins/contact-form-7/includes/js/index.js?ver=6.1.5" id="contact-form-7-js"></script>
<script id="disqus_count-js-extra">
var countVars = {"disqusShortname":"wp-security-org"};
//# sourceURL=disqus_count-js-extra
</script>
<script src="https://wp-security.org/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.1.4" id="disqus_count-js"></script>
<script id="disqus_embed-js-extra">
var embedVars = {"disqusConfig":{"integration":"wordpress 3.1.4 6.9.4"},"disqusIdentifier":"3543 https://wp-security.org/uncategorized/community-alert-xss-in-json-importercve202515363/","disqusShortname":"wp-security-org","disqusTitle":"Community Alert XSS in JSON Importer(CVE202515363)","disqusUrl":"https://wp-security.org/hi/vulnerability-database/community-alert-xss-in-json-importercve202515363/","postId":"3543"};
//# sourceURL=disqus_embed-js-extra
</script>
<script src="https://wp-security.org/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.1.4" id="disqus_embed-js"></script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/basic-elements/public/js/public-powerkit-basic-elements.js?ver=4.0.0" id="powerkit-basic-elements-js"></script>
<script src="https://wp-security.org/wp-content/plugins/canvas/components/justified-gallery/block/jquery.justifiedGallery.min.js?ver=2.5.2" id="justifiedgallery-js"></script>
<script id="powerkit-justified-gallery-js-extra">
var powerkitJG = {"rtl":""};
//# sourceURL=powerkit-justified-gallery-js-extra
</script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/justified-gallery/public/js/public-powerkit-justified-gallery.js?ver=3.0.7" id="powerkit-justified-gallery-js"></script>
<script src="https://wp-security.org/wp-includes/js/imagesloaded.min.js?ver=5.0.0" id="imagesloaded-js"></script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/lightbox/public/js/glightbox.min.js?ver=3.0.7" id="glightbox-js"></script>
<script id="powerkit-lightbox-js-extra">
var powerkit_lightbox_localize = {"text_previous":"Previous","text_next":"Next","text_close":"Close","text_loading":"Loading","text_counter":"of","single_image_selectors":".entry-content img,.single .post-media img","gallery_selectors":".wp-block-gallery,.gallery","exclude_selectors":".sight-portfolio-area","zoom_icon":"1"};
//# sourceURL=powerkit-lightbox-js-extra
</script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/lightbox/public/js/public-powerkit-lightbox.js?ver=3.0.7" id="powerkit-lightbox-js"></script>
<script id="powerkit-opt-in-forms-js-extra">
var opt_in = {"ajax_url":"https://wp-security.org/wp-admin/admin-ajax.php","warning_privacy":"Please confirm that you agree with our policies.","is_admin":"","server_error":"Server error occurred. Please try again later."};
//# sourceURL=powerkit-opt-in-forms-js-extra
</script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/opt-in-forms/public/js/public-powerkit-opt-in-forms.js?ver=3.0.7" id="powerkit-opt-in-forms-js"></script>
<script async="async" defer="defer" src="//assets.pinterest.com/js/pinit.js?ver=6.9.4" id="powerkit-pinterest-js"></script>
<script id="powerkit-pin-it-js-extra">
var powerkit_pinit_localize = {"image_selectors":".entry-content img","exclude_selectors":".cnvs-block-row,.cnvs-block-section,.cnvs-block-posts .entry-thumbnail,.cnvs-post-thumbnail,.pk-block-author,.pk-featured-categories img,.pk-inline-posts-container img,.pk-instagram-image,.pk-subscribe-image,.wp-block-cover,.pk-block-posts,.sight-portfolio-entry-link-page","only_hover":"1"};
//# sourceURL=powerkit-pin-it-js-extra
</script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/pinterest/public/js/public-powerkit-pin-it.js?ver=3.0.7" id="powerkit-pin-it-js"></script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/scroll-to-top/public/js/public-powerkit-scroll-to-top.js?ver=3.0.7" id="powerkit-scroll-to-top-js"></script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/share-buttons/public/js/public-powerkit-share-buttons.js?ver=3.0.7" id="powerkit-share-buttons-js"></script>
<script src="https://wp-security.org/wp-content/plugins/canvas/components/slider-gallery/block/flickity.pkgd.min.js?ver=2.5.2" id="flickity-js"></script>
<script id="powerkit-slider-gallery-js-extra">
var powerkit_sg_flickity = {"page_info_sep":" of "};
//# sourceURL=powerkit-slider-gallery-js-extra
</script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/slider-gallery/public/js/public-powerkit-slider-gallery.js?ver=3.0.7" id="powerkit-slider-gallery-js"></script>
<script id="powerkit-table-of-contents-js-extra">
var powerkit_toc_config = {"label_show":"Show","label_hide":"Hide"};
//# sourceURL=powerkit-table-of-contents-js-extra
</script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/table-of-contents/public/js/public-powerkit-table-of-contents.js?ver=3.0.7" id="powerkit-table-of-contents-js"></script>
<script src="https://wp-security.org/wp-content/plugins/sight/render/js/jquery.magnific-popup.min.js?ver=1774098503" id="magnific-popup-js"></script>
<script id="sight-block-script-js-extra">
var sight_lightbox_localize = {"text_previous":"Previous","text_next":"Next","text_close":"Close","text_loading":"Loading","text_counter":"of"};
//# sourceURL=sight-block-script-js-extra
</script>
<script src="https://wp-security.org/wp-content/plugins/sight/render/js/sight.js?ver=1774098503" id="sight-block-script-js"></script>
<script src="https://wp-security.org/wp-content/plugins/kirki/assets/js/kirki.min.js?ver=6.0.3" id="kirki-js"></script>
<script src="https://wp-security.org/wp-content/plugins/canvas/components/posts/block-posts/colcade.js?ver=2.5.2" id="colcade-js"></script>
<script src="https://wp-security.org/wp-content/themes/squaretype/js/ofi.min.js?ver=3.2.3" id="object-fit-images-js"></script>
<script id="csco-scripts-js-extra">
var csco_mega_menu = {"rest_url":"https://wp-security.org/hi/wp-json/csco/v1/menu-posts","current_lang":"","current_locale":"hi_IN"};
//# sourceURL=csco-scripts-js-extra
</script>
<script src="https://wp-security.org/wp-content/themes/squaretype/js/scripts.js?ver=3.1.1" id="csco-scripts-js"></script>
<script src="https://wp-security.org/wp-includes/js/comment-reply.min.js?ver=6.9.4" id="comment-reply-js" async data-wp-strategy="async" fetchpriority="low"></script>
<script id="wp-emoji-settings" type="application/json">
{"baseUrl":"https://s.w.org/images/core/emoji/17.0.2/72x72/","ext":".png","svgUrl":"https://s.w.org/images/core/emoji/17.0.2/svg/","svgExt":".svg","source":{"concatemoji":"https://wp-security.org/wp-includes/js/wp-emoji-release.min.js?ver=6.9.4"}}
</script>
<script type="module">
/*! This file is auto-generated */
const a=JSON.parse(document.getElementById("wp-emoji-settings").textContent),o=(window._wpemojiSettings=a,"wpEmojiSettingsSupports"),s=["flag","emoji"];function i(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function c(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0);const a=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);return t.every((e,t)=>e===a[t])}function p(e,t){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var n=e.getImageData(16,16,1,1);for(let e=0;e<n.data.length;e++)if(0!==n.data[e])return!1;return!0}function u(e,t,n,a){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\udde8\ud83c\uddf6","\ud83c\udde8\u200b\ud83c\uddf6")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!a(e,"\ud83e\u1fac8")}return!1}function f(e,t,n,a){let r;const o=(r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):document.createElement("canvas")).getContext("2d",{willReadFrequently:!0}),s=(o.textBaseline="top",o.font="600 32px Arial",{});return e.forEach(e=>{s[e]=t(o,e,n,a)}),s}function r(e){var t=document.createElement("script");t.src=e,t.defer=!0,document.head.appendChild(t)}a.supports={everything:!0,everythingExceptFlag:!0},new Promise(t=>{let n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),c.toString(),p.toString()].join(",")+"));",a=new Blob([e],{type:"text/javascript"});const r=new Worker(URL.createObjectURL(a),{name:"wpTestEmojiSupports"});return void(r.onmessage=e=>{i(n=e.data),r.terminate(),t(n)})}catch(e){}i(n=f(s,u,c,p))}t(n)}).then(e=>{for(const n in e)a.supports[n]=e[n],a.supports.everything=a.supports.everything&&a.supports[n],"flag"!==n&&(a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&a.supports[n]);var t;a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&!a.supports.flag,a.supports.everything||((t=a.source||{}).concatemoji?r(t.concatemoji):t.wpemoji&&t.twemoji&&(r(t.twemoji),r(t.wpemoji)))});
//# sourceURL=https://wp-security.org/wp-includes/js/wp-emoji-loader.min.js
</script>
<div style="position:absolute;margin:-1px;padding:0;height:1px;width:1px;overflow:hidden;clip-path:inset(50%);border:0;word-wrap:normal !important;"><p id="a11y-speak-intro-text" class="a11y-speak-intro-text" hidden data-no-translation="" data-trp-gettext="">सूचनाएँ</p><div id="a11y-speak-assertive" class="a11y-speak-region" aria-live="assertive" aria-relevant="additions text" aria-atomic="true"></div><div id="a11y-speak-polite" class="a11y-speak-region" aria-live="polite" aria-relevant="additions text" aria-atomic="true"></div></div>
        <!-- Usermaven - privacy-friendly analytics tool -->
        <script type="text/javascript">
            (function () {
                window.usermaven = window.usermaven || (function () { (window.usermavenQ = window.usermavenQ || []).push(arguments); })
                var t = document.createElement('script'),
                    s = document.getElementsByTagName('script')[0];
                t.defer = true;
                t.id = 'um-tracker';
                t.setAttribute('data-tracking-host', 'https://u.wp-security.org');
                t.setAttribute('data-key', 'UMZaYew9Sp');
                t.setAttribute('data-autocapture', 'true');                                                t.setAttribute('data-randomize-url', 'true');
                t.src = 'https://u.wp-security.org/lib.js';
                s.parentNode.insertBefore(t, s);
            })();
        </script>
        <!-- / Usermaven -->


        
        
<nav
    class="trp-language-switcher trp-floating-switcher trp-ls-dropdown trp-switcher-position-bottom"
    style="--bg:#ffffffb2;--bg-hover:#0000000d;--text:#000000;--text-hover:#000000;--border:1px solid transparent;--border-radius:8px 8px 0px 0px;--flag-radius:2px;--flag-size:20px;--aspect-ratio:4/3;--font-size:16px;--switcher-width:auto;--switcher-padding:10px 0;--transition-duration:0.2s;--bottom:0px;--right:10vw"
    role="navigation"
    aria-label="वेबसाइट भाषा चयनकर्ता"
    data-no-translation
>
    
            <div class="trp-language-switcher-inner">
            <div class="trp-language-item trp-language-item__current" title="Hindi" role="button" tabindex="0" aria-expanded="false" aria-label="Change language" aria-controls="trp-switcher-dropdown-list" data-no-translation><span class="trp-language-item-name">Hindi</span></div>
            <div
                class="trp-switcher-dropdown-list"
                id="trp-switcher-dropdown-list"
                role="group"
                aria-label="उपलब्ध भाषाएँ"
                hidden
 inert
>
                                    <a href="https://wp-security.org/vulnerability-database/community-alert-xss-in-json-importercve202515363/" class="trp-language-item" title="English" data-no-translation><span class="trp-language-item-name">English</span></a>                                    <a href="https://wp-security.org/zh/vulnerability-database/community-alert-xss-in-json-importercve202515363/" class="trp-language-item" title="Chinese (Hong Kong)" data-no-translation><span class="trp-language-item-name">Chinese (Hong Kong)</span></a>                                    <a href="https://wp-security.org/zh_cn/vulnerability-database/community-alert-xss-in-json-importercve202515363/" class="trp-language-item" title="Chinese (China)" data-no-translation><span class="trp-language-item-name">Chinese (China)</span></a>                                    <a href="https://wp-security.org/es/vulnerability-database/community-alert-xss-in-json-importercve202515363/" class="trp-language-item" title="Spanish" data-no-translation><span class="trp-language-item-name">Spanish</span></a>                                    <a href="https://wp-security.org/fr/vulnerability-database/community-alert-xss-in-json-importercve202515363/" class="trp-language-item" title="French" data-no-translation><span class="trp-language-item-name">French</span></a>                            </div>
        </div>

    </nav>
	<script type="text/javascript">
		"use strict";

		(function($) {

			$( window ).on( 'load', function() {

				// Each All Share boxes.
				$( '.pk-share-buttons-mode-rest' ).each( function() {

					var powerkitButtonsIds = [],
						powerkitButtonsBox = $( this );

					// Check Counts.
					if ( ! powerkitButtonsBox.hasClass( 'pk-share-buttons-has-counts' ) && ! powerkitButtonsBox.hasClass( 'pk-share-buttons-has-total-counts' ) ) {
						return;
					}

					powerkitButtonsBox.find( '.pk-share-buttons-item' ).each( function() {
						if ( $( this ).attr( 'data-id' ).length > 0 ) {
							powerkitButtonsIds.push( $( this ).attr( 'data-id' ) );
						}
					});

					// Generate accounts data.
					var powerkitButtonsData = {};

					if( powerkitButtonsIds.length > 0 ) {
						powerkitButtonsData = {
							'ids'     : powerkitButtonsIds.join(),
							'post_id' : powerkitButtonsBox.attr( 'data-post-id' ),
							'url'     : powerkitButtonsBox.attr( 'data-share-url' ),
						};
					}

					// Get results by REST API.
					$.ajax({
						type: 'GET',
						url: 'https://wp-security.org/hi/wp-json/social-share/v1/get-shares',
						data: powerkitButtonsData,
						beforeSend: function(){

							// Add Loading Class.
							powerkitButtonsBox.addClass( 'pk-share-buttons-loading' );
						},
						success: function( response ) {

							if ( ! $.isEmptyObject( response ) && ! response.hasOwnProperty( 'code' ) ) {

								// Accounts loop.
								$.each( response, function( index, data ) {

									if ( index !== 'total_count' ) {

										// Find Bsa Item.
										var powerkitButtonsItem = powerkitButtonsBox.find( '.pk-share-buttons-item[data-id="' + index + '"]');

										// Set Count.
										if ( data.hasOwnProperty( 'count' ) && data.count  ) {

											powerkitButtonsItem.removeClass( 'pk-share-buttons-no-count' ).addClass( 'pk-share-buttons-item-count' );
											powerkitButtonsItem.find( '.pk-share-buttons-count' ).html( data.count );

										} else {
											powerkitButtonsItem.addClass( 'pk-share-buttons-no-count' );
										}
									}
								});

								if ( powerkitButtonsBox.hasClass( 'pk-share-buttons-has-total-counts' ) && response.hasOwnProperty( 'total_count' ) ) {
									var powerkitButtonsTotalBox = powerkitButtonsBox.find( '.pk-share-buttons-total' );

									if ( response.total_count ) {
										powerkitButtonsTotalBox.find( '.pk-share-buttons-count' ).html( response.total_count );
										powerkitButtonsTotalBox.show().removeClass( 'pk-share-buttons-total-no-count' );
									}
								}
							}

							// Remove Loading Class.
							powerkitButtonsBox.removeClass( 'pk-share-buttons-loading' );
						},
						error: function() {

							// Remove Loading Class.
							powerkitButtonsBox.removeClass( 'pk-share-buttons-loading' );
						}
					});
				});
			});

		})(jQuery);
	</script>
	</body>
</html>
<!--
Performance optimized by Redis Object Cache. Learn more: https://wprediscache.com

Redis से PhpRedis (v6.3.0) का उपयोग करके 10751 वस्तुएं (1 एमबी) पुनः प्राप्त की गईं।.
-->

JSON इम्पोर्टर में समुदाय अलर्ट XSS (CVE202515363)

JSON Content Importer < 2.0.10 — Contributor+ Stored XSS (CVE‑2025‑15363)

त्वरित सारांश (tl;dr)

वर्डप्रेस में संग्रहीत XSS क्यों महत्वपूर्ण है

यह विशिष्ट भेद्यता कैसे काम करती है — उच्च स्तर

वास्तविक शोषण परिदृश्य

तात्कालिक कार्रवाई चेकलिस्ट - अब क्या करें (0–72 घंटे)

How to detect if you’ve been targeted / exploited