WordPress plugin External image replace 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...

GHSA-3633-G6MG-P6QQ SurrealDB memory exhaustion via string::replace using regex

An authenticated user can craft a query using the string::replace function that uses a Regex to perform a string replacement. As there is a failure to restrict the resulting string length, this enables an attacker to send a string::replace function to the SurrealDB server exhausting all the memor...

SurrealDB memory exhaustion via string::replace using regex

An authenticated user can craft a query using the string::replace function that uses a Regex to perform a string replacement. As there is a failure to restrict the resulting string length, this enables an attacker to send a string::replace function to the SurrealDB server exhausting all the memor...

CVE-2025-31081

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ShortPixel Enable Media Replace enable-media-replace allows Reflected XSS.This issue affects Enable Media Replace: from n/a through = 4.1.5...

CVE-2025-31081

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ShortPixel Enable Media Replace enable-media-replace allows Reflected XSS.This issue affects Enable Media Replace: from n/a through = 4.1.5...

CVE-2025-31081 WordPress Enable Media Replace plugin <= 4.1.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ShortPixel Enable Media Replace allows Reflected XSS. This issue affects Enable Media Replace: from n/a through 4.1.5...

CVE-2025-31081

CVE-2025-31081: Reflected XSS in Enable Media Replace (WordPress plugin) due to improper input neutralization during web page generation. Affected: Enable Media Replace versions up to and including 4.1.5. CVSSv3.1 base score 7.1 (HIGH). Remediation: upgrade to version 4.1.5 or later. The connecte...

CVE-2025-31081 WordPress Enable Media Replace plugin <= 4.1.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ShortPixel Enable Media Replace enable-media-replace allows Reflected XSS.This issue affects Enable Media Replace: from n/a through = 4.1.5...

WordPress plugin Enable Media Replace 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

PT-2025-14403 · Shortpixel · Shortpixel Enable Media Replace

Name of the Vulnerable Software and Affected Versions: ShortPixel Enable Media Replace versions n/a through 4.1.5 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This enables an...

Cross-site Scripting (XSS)

Overview org.webjars.npm:vega-functions is a Custom functions for the Vega expression language. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the RegExp.prototype@@replace method. An attacker can execute arbitrary JavaScript code by manipulating the input to...

CVE-2025-30535

Cross-Site Request Forgery CSRF vulnerability in muro External image replace external-image-replace allows Cross Site Request Forgery.This issue affects External image replace: from n/a through = 1.0.8...

CVE-2025-30612

Cross-Site Request Forgery CSRF vulnerability in mandegarweb Replace Default Words replace-default-words allows Stored XSS.This issue affects Replace Default Words: from n/a through = 1.3...

CVE-2025-30612

Cross-Site Request Forgery CSRF vulnerability in mandegarweb Replace Default Words replace-default-words allows Stored XSS.This issue affects Replace Default Words: from n/a through = 1.3...

CVE-2025-30535

Cross-Site Request Forgery CSRF vulnerability in muro External image replace external-image-replace allows Cross Site Request Forgery.This issue affects External image replace: from n/a through = 1.0.8...

CVE-2025-30612

CVE-2025-30612 affect: Replace Default Words (WordPress plugin). Issue: Cross-Site Request Forgery (CSRF) can lead to Stored Cross-Site Scripting (stored XSS). Affected range: affected from n/a through 1.3. CVSS 3.1 base score 7.1 (HIGH) with vectors: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. Public d...

CVE-2025-30612 WordPress Replace Default Words plugin <= 1.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in mandegarweb Replace Default Words replace-default-words allows Stored XSS.This issue affects Replace Default Words: from n/a through = 1.3...

CVE-2025-30535 WordPress External image replace plugin <= 1.0.8 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery CSRF vulnerability in muro External image replace external-image-replace allows Cross Site Request Forgery.This issue affects External image replace: from n/a through = 1.0.8...

CVE-2025-30535

CVE-2025-30535 technical details are not publicly provided in the supplied documents. Monitor for updates from vendors and advisories.

WordPress Replace Default Words plugin <= 1.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin Replace Default Words versions = 1.3...