120988 matches found
WordPress WP to LinkedIn Auto Publish plugin <= 1.9.8 - Reflected Cross-Site Scripting via PostMessage vulnerability
Reflected Cross-Site Scripting via PostMessage vulnerability discovered by Nicolai Hellesnes nico in WordPress Plugin WP to LinkedIn Auto Publish versions = 1.9.8...
CVE-2025-12076
The Social Media Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage parameter in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
WordPress plugin Social Media Auto Publish 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site scripting vulnerabili...
CVE-2025-12079
The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
EUVD-2025-197966
The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-12079
The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-12079 WP Twitter Auto Publish <= 1.7.4 - Reflected Cross-Site Scripting via PostMessage
The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-12079 WP Twitter Auto Publish <= 1.7.4 - Reflected Cross-Site Scripting via PostMessage
The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
WordPress plugin WP Twitter Auto Publish 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A cross-site...
WordPress WP Twitter Auto Publish plugin <= 1.7.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nicolai Hellesnes nico in WordPress Plugin WP Twitter Auto Publish versions = 1.7.4...
Malicious code in tachyon-mesosphere-spinner-pm2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0199d4ad6da5ed57f1010cac95dc16558ece4d84ae6e6c6fb857dc52e6c6370 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in zenith-cosmiconfig-miranda-standard (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06eda7674a79fee6c5be9c0b91dd719af94d0685f5badfb5a22f5c6411273b28 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in deneb-biosignature-taphonomy-glaciology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 826d1c2ca5b616a8f35e0fd137fffc6f302955dd4f7b5785761a78ec8078fb4a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in java-orchestrate-awk-process-virtualize (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23029396724af0865eecdd010c3f17e6739fe0ce56c8d44b3531fbdeac934801 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in thread-daemon-try-omega-mock (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1e433f4a84e6efa7b11638b10854c927218008bde39976e0df1922164229fc2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cat-meta-stack-minify-try (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80dec973455eae025b75ae4a2fb66d3f693521c903c9ca3af246808867e0af65 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in vortex-auth0-string-holography (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4b12f620e4fb06f261bdd80d409124bb22468e54001e0012b822d68da3e2741 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in encode-rain-refactor-execute-pi (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06ee24f91b8cf6e03f7269a7f2c713ec12a15e887c78c0ea82e730ed28149481 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in epimetheus-uninstall-cressida-sedna (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector efbfee41fefce5715d914720f5044a88f951f4b0361bc31c803542153c084c86 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in quantum-pegasus-winston-blitz (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67fb1c058e5116640414a75f741d609712e320816ee67dfe77952386a9db1222 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...