WordPress AP Background plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress AP Background plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of advparallaxback,...

CVE-2025-9897

The AP Background plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.2. This is due to missing or incorrect nonce validation on the advParallaxBackAdminSaveSlider function. This makes it possible for unauthenticated attackers to create or...

EUVD-2024-33822

Malicious code in bioql PyPI...

CVE-2025-10165

The AP Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advparallaxback' shortcode in all versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-10165 AP Background <= 3.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The AP Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advparallaxback' shortcode in all versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-10165

CVE-2025-10165 affects the WordPress plugin AP Background. A stored XSS flaw exists in the adv_parallax_back shortcode due to insufficient input sanitization and output escaping in versions up to 3.8.2, allowing authenticated users with contributor-level access or higher to inject and execute scr...

EUVD-2025-32246

The AP Background plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.2. This is due to missing or incorrect nonce validation on the advParallaxBackAdminSaveSlider function. This makes it possible for unauthenticated attackers to create or...

CVE-2025-10165 AP Background <= 3.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The AP Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advparallaxback' shortcode in all versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-9561

CVE-2025-9561 affects the WordPress AP Background plugin (versions 3.8.1–3.8.2). The issue is an arbitrary file upload vulnerability due to missing authorization and insufficient file validation in advParallaxBackAdminSaveSlider(), allowing authenticated attackers with Subscriber+ access to uploa...

EUVD-2025-32248

The AP Background plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization and insufficient file validation within the advParallaxBackAdminSaveSlider handler in versions 3.8.1 to 3.8.2. This makes it possible for authenticated attackers, with Subscriber-level acce...

WordPress AP Background plugin <= 3.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin AP Background versions = 3.8.2...

WordPress AP Background plugin <= 3.8.2 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Nabil Irawan in WordPress Plugin AP Background versions = 3.8.2...

WordPress AP Background plugin 3.8.1-3.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload via advParallaxBackAdminSaveSlider Function vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary File Upload via advParallaxBackAdminSaveSlider Function vulnerability discovered by kr0d in WordPress Plugin AP Background versions 3.8.1-3.8.2...

WordPress plugin AP Background 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress AP Background plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of advparallaxback,...

PT-2025-40467

Name of the Vulnerable Software and Affected Versions AP Background plugin for WordPress versions prior to 3.8.3 Description The software contains a flaw that allows an attacker to inject malicious web scripts into pages. This is possible due to insufficient input sanitization and output escaping...

WordPress plugin AP Background 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An arbitrary file upload vulnerability exists in the WordPress AP Background plugin, which stems from a lack of authorization and insufficient file validation in the...

PT-2025-40509

Name of the Vulnerable Software and Affected Versions AP Background plugin for WordPress versions up to and including 3.8.2 Description The software is susceptible to Cross-Site Request Forgery CSRF. This is due to missing or incorrect nonce validation within the advParallaxBackAdminSaveSlider...

WordPress Image&Video FullScreen Background plugin <= 1.6.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Image&Video FullScreen Background versions = 1.6.7...

CVE-2022-4652

The Video Background WordPress plugin before 2.7.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-11775 Particle Background <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Particle Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'particleground' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...