84 matches found
Broadstreet WordPress plugin - Reflected XSS
Broadstreet WordPress plugin 1.51.8 contains a reflected XSS caused by unsanitised and unescaped parameter output, letting attackers execute scripts against high-privilege users such as admin; exploitation requires victim interaction. id: CVE-2025-4652 info: name: Broadstreet WordPress plugin -...
MINI-RHFQ-4652-3F62
Bulletin has no description...
CVE-2026-4652
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-26 09:17:44+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mhxbhpnlql23 |
| 2026-03-27 00:01:13+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhystjcdgi2w |
| 2026-03-27 00:01:38+00:00 | seen | ... |
CVE-2025-4652
The Broadstreet WordPress plugin before 1.51.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress Broadstreet plugin < 1.51.8 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Tommaso Gregori p1s1o in WordPress Plugin Broadstreet Ads versions 1.51.8...
CVE-2025-4652 Broadstreet < 1.51.8 - Reflected XSS
The Broadstreet WordPress plugin before 1.51.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2025-4652 Broadstreet < 1.51.8 - Reflected XSS
The Broadstreet WordPress plugin before 1.51.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Linux Distros Unpatched Vulnerability : CVE-2014-4652
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel...
CVE-2024-4652
Campcodes Complete Web-Based School Management System 1.0 contains a cross-site scripting flaw in /view/show_teacher2.php via the month parameter. The vulnerability is exploitable remotely and has been publicly disclosed. Affected component is an unknown function; root cause is input manipulation...
CVE-2019-4652
| creationtimestamp | type | source |
|---|---|---|
| 2024-02-13 10:26:20+00:00 | seen | https://t.me/ctinow/183717... |
CVE-2023-4652
| creationtimestamp | type | source |
|---|---|---|
| 2023-08-31 07:12:46+00:00 | seen | https://t.me/cibsecurity/69504... |
CVE-2023-4652
CVE-2023-4652 is a stored Cross-site Scripting (XSS) vulnerability affecting instantsoft/icms2 releases prior to 2.16.1-git. Multiple sources confirm the issue is a stored XSS in icms2, with exploitation via attacker-supplied input that can induce script execution in an affected user’s browser. P...
CVE-2022-4652
| creationtimestamp | type | source |
|---|---|---|
| 2023-03-13 19:23:24+00:00 | seen | https://t.me/cibsecurity/59922 |
| 2025-03-02 11:44:20+00:00 | seen | Telegram/58yrJTI6Jn5zPdz8ILZamGuzzueg6eO6XIDmzAz2OjEjKaic... |
CVE-2022-4652 Video Background < 2.7.5 - Contributor+ Stored XSS via Shortcode
The Video Background WordPress plugin before 2.7.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2022-4652
The CVE-2022-4652 entry documents a Stored XSS in the Video Background WordPress plugin for versions prior to 2.7.5. The vulnerability arises because certain shortcode attributes are not validated/escaped before being output, which could allow users with the contributor role and above to inject s...
CVE-2022-4652 Video Background < 2.7.5 - Contributor+ Stored XSS via Shortcode
The Video Background WordPress plugin before 2.7.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Debian: Security Advisory (DLA-0015-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
WordPress Video Background Plugin <= 2.7.4 is vulnerable to Cross Site Scripting (XSS)
Software: Video Background; Type: Plugin; Vulnerable versions: <= 2.7.4; Fixed in: 2.7.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4652; Patch priority: Medium; CVSS severity: Medium (6.5); Developer: Claim ownership; PSID: 8720d683d0f2; Credits: Lana Codes; Requir...
SUSE CVE-2015-4652
epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the de_emerg_num_list and de_bcd_num functions...
SUSE: Security Advisory (SUSE-SU-2014:0912-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...