CVE-2025-10165

The AP Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advparallaxback' shortcode in all versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-9561

The AP Background plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization and insufficient file validation within the advParallaxBackAdminSaveSlider handler in versions 3.8.1 to 3.8.2. This makes it possible for authenticated attackers, with Subscriber-level acce...

EUVD-2025-32245

Malicious code in bioql PyPI...

CVE-2025-9897

The AP Background plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.2. This is due to missing or incorrect nonce validation on the advParallaxBackAdminSaveSlider function. This makes it possible for unauthenticated attackers to create or...

CVE-2025-10165

The AP Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advparallaxback' shortcode in all versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-10165 AP Background <= 3.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The AP Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advparallaxback' shortcode in all versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-10165

CVE-2025-10165 affects the WordPress plugin AP Background. A stored XSS flaw exists in the adv_parallax_back shortcode due to insufficient input sanitization and output escaping in versions up to 3.8.2, allowing authenticated users with contributor-level access or higher to inject and execute scr...

CVE-2025-9561

CVE-2025-9561 affects the WordPress AP Background plugin (versions 3.8.1–3.8.2). The issue is an arbitrary file upload vulnerability due to missing authorization and insufficient file validation in advParallaxBackAdminSaveSlider(), allowing authenticated attackers with Subscriber+ access to uploa...

CVE-2025-9561 AP Background 3.8.1 - 3.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload via advParallaxBackAdminSaveSlider Function

The AP Background plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization and insufficient file validation within the advParallaxBackAdminSaveSlider handler in versions 3.8.1 to 3.8.2. This makes it possible for authenticated attackers, with Subscriber-level acce...

WordPress AP Background plugin <= 3.8.2 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Nabil Irawan in WordPress Plugin AP Background versions = 3.8.2...

WordPress AP Background plugin 3.8.1-3.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload via advParallaxBackAdminSaveSlider Function vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary File Upload via advParallaxBackAdminSaveSlider Function vulnerability discovered by kr0d in WordPress Plugin AP Background versions 3.8.1-3.8.2...

WordPress plugin AP Background 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress AP Background plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of advparallaxback,...

PT-2025-40467

Name of the Vulnerable Software and Affected Versions AP Background plugin for WordPress versions prior to 3.8.3 Description The software contains a flaw that allows an attacker to inject malicious web scripts into pages. This is possible due to insufficient input sanitization and output escaping...

WordPress plugin AP Background 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress AP Background plugin that stems from missing or incorrect random number validation in the...