120988 matches found
WordPress WP to LinkedIn Auto Publish plugin <= 1.9.8 - Reflected Cross-Site Scripting via PostMessage vulnerability
Reflected Cross-Site Scripting via PostMessage vulnerability discovered by Nicolai Hellesnes nico in WordPress Plugin WP to LinkedIn Auto Publish versions = 1.9.8...
CVE-2025-12076
The Social Media Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage parameter in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
WordPress plugin Social Media Auto Publish 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site scripting vulnerabili...
CVE-2025-12079
The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
EUVD-2025-197966
The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-12079
The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-12079 WP Twitter Auto Publish <= 1.7.4 - Reflected Cross-Site Scripting via PostMessage
The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-12079 WP Twitter Auto Publish <= 1.7.4 - Reflected Cross-Site Scripting via PostMessage
The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
WordPress plugin WP Twitter Auto Publish 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A cross-site...
WordPress WP Twitter Auto Publish plugin <= 1.7.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nicolai Hellesnes nico in WordPress Plugin WP Twitter Auto Publish versions = 1.7.4...
Malicious code in neptune-grus-fusion-sass-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39f6784c9cffab433ca3aba62b9f5c8ca5f88d292e84c7ef4b23324259fe740a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in astroinformatics-ethology-venus-slidev (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 226e9d3d2ba28c131f256e2a26ec85fb9afec9418f57e00d7ec0b300e0e98206 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in socket-minify-export-catch-file (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e30d97ee2bf204b3fc45d68f49bafdd6a020615e4ad51cbc83f463f193b80ea9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in taurus-winston-panspermia-neuromorphic (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e83d2cd6b9bc072d292c08b72596bfeb053e4d083b485191205648263cf806a5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in saturnology-fomalhaut-geckodriver-resolvers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2caba52a6e0c88328d81e8c122e414d91225f1c1fc9d17f8a5aed4ff943da7c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in soap-comet-adonis-karma (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ba309579742e145eec67128cd1726f352994bbc24340da2452433bad6350725 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in table-private-module-zero-fork (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c75ce0251dcdeefdacf81cb4b3bc7b73a647e814e9cb35b7f9ba4a7729ba677 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in solis-semantic-release-pm2-css-minimizer-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25f3fbcd8cfd3f79b4077a30db2336a9949bd3aed84da84464d9498779874eb6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in sudo-reject-mu-proxy-fork (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71bd21ebc82601b1500c1ec0b38beaf261822f483579359312b433a31d3a139a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in public-perseus-zenith-blitz (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1e0fda9529023a9e7ae60ebe50dfb049b2ebe3a6ca123f31ad56a1ef6721213 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...