15 matches found
EUVD-2025-17291
Malicious code in bioql PyPI...
EUVD-2023-57501
Malicious code in bioql PyPI...
CVE-2025-49242
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sevenspark Bellows Accordion Menu bellows-accordion-menu allows Stored XSS.This issue affects Bellows Accordion Menu: from n/a through = 1.4.3...
CVE-2025-49242
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sevenspark Bellows Accordion Menu bellows-accordion-menu allows Stored XSS.This issue affects Bellows Accordion Menu: from n/a through = 1.4.3...
CVE-2025-49242 WordPress Bellows Accordion Menu plugin <= 1.4.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sevenspark Bellows Accordion Menu bellows-accordion-menu allows Stored XSS.This issue affects Bellows Accordion Menu: from n/a through = 1.4.3...
CVE-2025-49242
CVE-2025-49242 is a stored XSS vulnerability in Bellows Accordion Menu for WordPress (Improper Neutralization of Input During Web Page Generation). Affected versions: Bellows Accordion Menu up to and including 1.4.3. Impact per available docs: stored cross-site scripting; remediation is to update...
CVE-2025-49242 WordPress Bellows Accordion Menu plugin <= 1.4.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sevenspark Bellows Accordion Menu bellows-accordion-menu allows Stored XSS.This issue affects Bellows Accordion Menu: from n/a through = 1.4.3...
WordPress plugin Bellows Accordion Menu 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
PT-2025-24205 · Sevenspark · Sevenspark Bellows Accordion Menu
Name of the Vulnerable Software and Affected Versions: sevenspark Bellows Accordion Menu versions 1.4.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an...
WordPress Bellows Accordion Menu plugin <= 1.4.3 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Bellows Accordion Menu versions = 1.4.3...
Bellows Accordion Menu < 1.4.3 - Contributor+ Stored Cross-Site Scripting
Description The plugin does not adequately sanitize user-supplied attributes in shortcodes, nor does it correctly escape output. This can lead to injection of arbitrary web scripts in pages by authenticated users with contributor-level permissions...
CVE-2023-5164
The Bellows Accordion Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2023-5164
The Bellows Accordion Menu plugin for WordPress is affected by a stored XSS in shortcode attributes (versions up to and including 1.4.2) due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher, enabling injection of scr...
WordPress Plugin Bellows Accordion Menu Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Bellows Accordion Menu Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)
Software Bellows Accordion Menu Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5164 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 390a77233aee Credits István Márton...