17 matches found
CVE-2025-13007
The WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping on externally-sourced content. This makes it possible...
CVE-2025-13007 WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) <= 3.20.3 - Unauthenticated Stored Cross-Site Scripting via External Content Import
The WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping on externally-sourced content. This makes it possible...
CVE-2025-13007 WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) <= 3.20.3 - Unauthenticated Stored Cross-Site Scripting via External Content Import
The WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping on externally-sourced content. This makes it possible...
PT-2025-48647
The WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping on externally-sourced content. This makes it possible...
EUVD-2021-11972
Malware in sbrugna...
EUVD-2023-46181
Malicious code in bioql PyPI...
EUVD-2025-8877
Malicious code in bioql PyPI...
CVE-2025-3060
Vulnerability in Drupal Flattern – Multipurpose Bootstrap Business Profile. This issue affects Flattern – Multipurpose Bootstrap Business Profile:...
PT-2025-13860 · Unknown · Flattern – Multipurpose Bootstrap Business Profile
Name of the Vulnerable Software and Affected Versions: Flattern – Multipurpose Bootstrap Business Profile (affected versions not specified). Description: The issue affects Flattern – Multipurpose Bootstrap Business Profile. No specific details about the nature of the issue or its potential impact ar...
Drupal Flattern – Multipurpose Bootstrap Business Profile module * - Authenticated Other Vulnerability Type vulnerability
Authenticated Other Vulnerability Type vulnerability discovered by Drupal Security Site in WordPress Module Flattern – Multipurpose Bootstrap Business Profile versions...
CVE-2023-41689
The CVE-2023-41689 entry maps to the WordPress plugin “Post to Google My Business (Google Business Profile)” where versions
WordPress Post to Google My Business (Google Business Profile) Plugin <= 3.1.14 is vulnerable to Broken Access Control
Software: Post to Google My Business (Google Business Profile); Type: Plugin; Vulnerable versions: <= 3.1.14; Fixed in: 3.1.15; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-41689; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 3e429cdbca73...
WordPress Business Profile Reviews Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)
Software: Business Profile Reviews; Type: Plugin; Vulnerable versions: <= 1.0.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: b0e3678a0ced; Credits: Rafie Muhammad Patchstack...
WordPress Post to Google My Business (Google Business Profile) plugin < 3.0.10 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Post to Google My Business (Google Business Profile) plugin versions < 3.0.10. Solution: Update the WordPress Post to Google My Business (Google Business Profile) plugin to the latest available version (at least 3.0.10)...
WordPress Post to Google My Business (Google Business Profile) plugin < 3.0.10 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Post to Google My Business (Google Business Profile) plugin versions < 3.0.10. Solution: Update the WordPress Post to Google My Business (Google Business Profile) plugin to the latest available version at lea...
CVE-2021-25060 Five Star Business Profile and Schema < 2.1.7 - Subscriber+ Page Creation & Settings Update to Stored XSS
The Five Star Business Profile and Schema WordPress plugin before 2.1.7 does not have any authorisation or CSRF checks in its bpfwp_welcome_add_contact_page and bpfwp_welcome_set_contact_information AJAX actions, allowing any authenticated users, such as subscribers, to call them. Furthermore, due to the lack o...
WordPress plugin Five Star Business Profile and Schema cross-site scripting vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Five Star Business Profile and Schema prio...