
2340 matches found

EUVD
added 2025/10/03 11:17 a.m., 8 views

EUVD-2025-32260

The Epic Bootstrap Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘icol’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVSS: 6.4, AI score: 4.6, EPSS: 0.00211
Exploits: 0, References: 4

Vulnrichment
added 2025/10/03 11:17 a.m., 3 views

CVE-2025-8776 Epic Bootstrap Buttons <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via icol Parameter

The Epic Bootstrap Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘icol’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVSS: 6.4, AI score: 4.7, EPSS: 0.00211
Exploits: 0, References: 3

CVE
added 2025/10/03 11:17 a.m., 19 views

CVE-2025-8776

CVE-2025-8776 (Epic Bootstrap Buttons, WordPress): The WordPress plugin is affected by a Stored Cross-Site Scripting vulnerability triggered via the icol parameter. The issue applies to all versions up to 1.0. An attacker with Contributor-level access or higher can inject arbitrary scripts that ...

CVSS: 6.4, AI score: 4.7, EPSS: 0.00211
Exploits: 0, References: 3

Cvelist
added 2025/10/03 11:17 a.m., 9 views

CVE-2025-8776 Epic Bootstrap Buttons <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via icol Parameter

The Epic Bootstrap Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘icol’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVSS: 6.4, EPSS: 0.00211
Exploits: 0, References: 3

Patchstack
added 2025/10/03 12:44 a.m., 7 views

WordPress Epic Bootstrap Buttons plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via icol Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via icol Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Epic Bootstrap Buttons versions <= 1.0...

CVSS: 6.4, AI score: 5.6, EPSS: 0.00211
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2025/10/03 12:0 a.m., 5 views

WordPress plugin Epic Bootstrap Buttons cross-site scripting vulnerability

WordPress Epic Bootstrap Buttons plugin is a plugin for quickly adding Bootstrap style buttons to your WordPress website. WordPress Epic Bootstrap Buttons plugin suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of icol parameters, whic...

CVSS: 6.4, AI score: 6, EPSS: 0.00211
Exploits: 0, References: 3

Positive Technologies
added 2025/10/03 12:0 a.m., 7 views

PT-2025-40479

Name of the Vulnerable Software and Affected Versions: Epic Bootstrap Buttons plugin for WordPress versions prior to 1.0. Description: The plugin is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows authenticated attackers with...

CVSS: 6.4, AI score: 5.4, EPSS: 0.00211
Exploits: 0, References: 6

Microsoft CVE
added 2025/10/02 6:11 a.m., 2 views

Rejected reason: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded.

...

CVSS: 3.9, AI score: 7
Exploits: 0

RedhatCVE
added 2025/10/01 4:23 a.m., 10 views

CVE-2025-9991

The Tiny Bootstrap Elements Light plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.3.34 via the 'language' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the...

CVSS: 8.1, AI score: 7.3, EPSS: 0.00653
Exploits: 0, References: 1

Cvelist
added 2025/09/30 3:35 a.m., 7 views

CVE-2025-9991 Tiny Bootstrap Elements Light <= 4.3.34 - Unauthenticated Local File Inclusion

The Tiny Bootstrap Elements Light plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.3.34 via the 'language' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the...

CVSS: 8.1, EPSS: 0.00653
Exploits: 0, References: 3

Vulnrichment
added 2025/09/30 3:35 a.m., 1 views

CVE-2025-9991 Tiny Bootstrap Elements Light <= 4.3.34 - Unauthenticated Local File Inclusion

The Tiny Bootstrap Elements Light plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.3.34 via the 'language' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the...

CVSS: 8.1, AI score: 7, EPSS: 0.00653
Exploits: 0, References: 3

Patchstack
added 2025/09/30 12:25 a.m., 3 views

WordPress Tiny Bootstrap Elements Light plugin <= 4.3.34 - Unauthenticated Local File Inclusion vulnerability

Unauthenticated Local File Inclusion vulnerability discovered by Aril Aprilio forsak3n in WordPress Plugin Tiny Bootstrap Elements Light versions <= 4.3.34...

CVSS: 8.1, AI score: 6.8, EPSS: 0.00653
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2025/09/30 12:0 a.m., 1 views

WordPress plugin Tiny Bootstrap Elements Light security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS: 8.1, AI score: 6.5, EPSS: 0.00653
Exploits: 0, References: 3

OSV
added 2025/09/26 1:8 p.m., 25 views

OESA-2025-2324 python-pyinstaller security update

PyInstaller bundles a Python application and all its dependencies into a single package. The user can run the packaged app without installing a Python interpreter or any modules. Security Fixes: Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen...

CVSS: 7, AI score: 7, EPSS: 0.00114
Exploits: 0, References: 2

OSV
added 2025/09/26 1:8 p.m., 30 views

OESA-2025-2323 python-pyinstaller security update

PyInstaller bundles a Python application and all its dependencies into a single package. The user can run the packaged app without installing a Python interpreter or any modules. Security Fixes: Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen...

CVSS: 7, AI score: 7, EPSS: 0.00114
Exploits: 0, References: 2

OSV
added 2025/09/26 1:8 p.m., 24 views

OESA-2025-2322 python-pyinstaller security update

PyInstaller bundles a Python application and all its dependencies into a single package. The user can run the packaged app without installing a Python interpreter or any modules. Security Fixes: Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen...

CVSS: 7, AI score: 7, EPSS: 0.00114
Exploits: 0, References: 2

OSV
added 2025/09/18 3:45 p.m., 2 views

MAL-2025-47455 Malicious code in @rxap/ngx-bootstrap (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e41d94f6e5c522d3783037ae1e8e338ce291027d01211c6c990a0f3a6d8c08bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0, References: 1

OSSF Malicious Packages
added 2025/09/18 3:45 p.m., 5 views

Malicious code in @rxap/ngx-bootstrap (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e41d94f6e5c522d3783037ae1e8e338ce291027d01211c6c990a0f3a6d8c08bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0, References: 1

Amazon
added 2025/09/16 12:0 a.m., 6 views

Medium: pki-core

Issue Overview: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS). This issue affects Bootstrap: from 3.4.1 before 4.0.0. CVE-2025-1647 Affected Packages: pki-core Note: This advisory is applicable t...

CVSS: 5.6, AI score: 6.1, EPSS: 0.00259
Exploits: 0

Tenable Nessus
added 2025/09/16 12:0 a.m., 8 views

Amazon Linux 2 : pki-core, --advisory ALAS2-2025-2995 (ALAS-2025-2995)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2995 advisory. Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS). This issue affects Bootstrap: from 3.4.1 before 4.0.0...

CVSS: 5.6, AI score: 6.3, EPSS: 0.00259
Exploits: 0, References: 4