371 matches found
CVE-2025-23743
CVE-2025-23743 refers to a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Social Analytics (Martijn Scheybeler) that enables Stored XSS. The CVE description and the Red Hat entry both confirm the issue and its association with Social Analytics; affected version scope is S...
CVE-2025-23743 WordPress Social Analytics plugin <= 0.2 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in MartijnScheijbeler Social Analytics social-analytics allows Stored XSS.This issue affects Social Analytics: from n/a through = 0.2...
CVE-2025-22342
Cross-Site Request Forgery CSRF vulnerability in Jenst WP Simple Sitemap wp-simple-sitemap allows Stored XSS.This issue affects WP Simple Sitemap: from n/a through = 0.2...
CVE-2024-54438
CVE-2024-54438 affects the Gaxx Keywords WordPress plugin (GAxx Keywords) and is described as a CSRF to Stored XSS vulnerability affecting versions from n/a up through 0.2. Connected sources (Wordfence WordPress Vulnerability Details) indicate this CVE is currently Unpatched, with no exploitation...
WordPress plugin Twitter Follow Button 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
PT-2024-34716 · Unknown · Ml Responsive Audio Player With Playlist Shortcode
Name of the Vulnerable Software and Affected Versions: ML Responsive Audio player with playlist Shortcode versions 0.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS...
WordPress plugin Search order by product SKU for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
PT-2024-34840 · Unknown · Woocommerce
Name of the Vulnerable Software and Affected Versions: Search order by product SKU for WooCommerce versions 0.2 and earlier Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS,...
WordPress plugin Bible Text security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, WordPress is a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin...
phonenumber: panic on parsing crafted phonenumber inputs
Impact The phonenumber parsing code may panic due to a reachable assert! guard on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber, e.g. over the network, specifically strings of the form...
WordPress Bible Text plugin <= 0.2 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Bible Text versions = 0.2...
Sitetweet <= 0.2 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack The PoC will be displayed on June 25, 2024, to give users the time to update...
WordPress Site Favicon Plugin <= 0.2 is vulnerable to Cross Site Scripting (XSS)
Software Site Favicon Type Plugin Vulnerable versions = 0.2 Fixed in 0.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35642 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 793a8085c766 Credits Cronus Required privilege Administrator...
PT-2024-23761 · Unknown · Broken Images
Name of the Vulnerable Software and Affected Versions: Broken Images versions 0.2 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Cross-Site Scripting XSS in Broken Images. This means an attacker can trick a user into performing unintended actions...
NVIDIA ChatRTX 跨站脚本漏洞
NVIDIA ChatRTX is a content personalization chatbot from NVIDIA Corporation. A security vulnerability exists in NVIDIA ChatRTX version 0.2 and prior versions, which originated from a vulnerability that allows an attacker to run a malicious script in a user's browser, resulting in code execution,...
WordPress Broken Images plugin <= 0.2 - CSRF to XSS vulnerability
CSRF to XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Broken Images versions = 0.2...
CentOS 9 : pki-core-11.3.0-0.2.beta1.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the pki- core-11.3.0-0.2.beta1.el9 build changelog. - Improper authentication/authorization with caServerKeygenDirUserCert profile CVE-2022-2393 Note that Nessus has not tested for this iss...
ferris-says has undefined behavior when not using UTF-8
Affected versions receive a &u8 from the caller through a safe API, and pass it directly to the unsafe str::fromutf8unchecked function. The behavior of ferrissays::say is undefined if the bytes from the caller don't happen to be valid UTF-8. The flaw was corrected in ferris-says21 by using the sa...
CVE-2023-52257
LogoBee 0.2 allows updates.php?id= XSS...
CVE-2023-52257
LogoBee 0.2 allows updates.php?id= XSS...