1052 matches found
CVE-2025-12660
The Padlet Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'key' parameter in the 'wallwisher' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Cross-site Scripting (XSS)
Overview ph7software/ph7builder is a pH7Builder. Social Dating Web App Site Builder Affected versions of this package are vulnerable to Cross-site Scripting XSS via the message content field in the application's messaging system. An attacker can execute arbitrary scripts in the context of another...
CVE-2025-11874
The Slippy Slider – Responsive Touch Navigation Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slippy-slider' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...
CVE-2025-11863
The My Geo Posts Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mygeocity' shortcode in all versions up to, and including, 1.2. This is due to the plugin not properly sanitizing user input or escaping output of the 'default' shortcode attribute. This makes it...
EUVD-2025-60946
The Share to Google Classroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sharetogoogle shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
EUVD-2025-60960
The Geopost plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' parameter of the 'geopost' shortcode in all versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-12663
CVE-2025-12663 (Jeba Cute forkit WordPress plugin) is a Stored Cross-Site Scripting vulnerability in the jeba_forkit shortcode. The issue stems from insufficient input sanitization and output escaping of the text attribute, affecting all versions up to 1.0. Exploitation requires authenticated acc...
Cross-site Scripting (XSS)
Snipe-IT is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization of user-supplied input, which allows an attacker to inject and execute arbitrary web scripts in the context of a victim’s browser...
EUVD-2025-37405
The Inactive Logout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'inaredirectpageindividualuser' parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-63885
A stored cross-site scripting XSS vulnerability in AIxBlock commit 04f305 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the modeldesc field...
CVE-2025-11866
The Photographers galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes w, h, rawcss, look, etc. in all versions up to, and including, 1.1.8. This is due to the plugin not properly sanitizing user input or escaping output when inserting thes...
Mediawiki - AdvancedSearch Extension Cross-Site Scripting Vulnerability
Mediawiki - AdvancedSearch Extension is an extension plugin for MediaWiki that enhances the search functionality, often used in conjunction with CirrusSearch and Elastica, to significantly improve search efficiency and accuracy. A cross-site scripting vulnerability exists in MediaWiki -...
EUVD-2025-34741
ChatLuck contains a cross-site scripting vulnerability in Chat Rooms. If exploited, an arbitrary script may be executed on the web browser of the user who is accessing the product...
CVE-2025-10194
The Shortcode Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-7652
The Easy Plugin Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eps' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Commerce Product Comparison Table widget when user-supplied input is injected into the Name text field of a Commerce Product. An attacker can execute arbitrary web scripts in the context of the user's...
EUVD-2020-23940
Malware in sbrugna...
EUVD-2007-2725
Malware in sbrugna...
EUVD-2018-8078
Malware in sbrugna...
EUVD-2008-6064
Malware in sbrugna...