5 matches found
CVE-2025-32575
CVE-2025-32575 affects the WordPress plugin WP w3all phpBB (axew3) for WordPress/WP-BB integration. Connected data indicates the issue is described as a Cross-Site Request Forgery to Stored Cross-Site Scripting (CSRF to stored XSS) vulnerability affecting WP w3all phpBB up to version 2.9.3. The CVE entr...
Panel.SmokeLoader MVID-2024-0682 Cross Site Request Forgery / Cross Site Scripting
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560fB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Panel.SmokeLoader Vulnerability: Cross Site Request Forgery (CSRF) - Persistent XSS Family:...
WordPress Flash Video Player plugin <= 5.0.4 - CSRF to XSS vulnerability
CSRF to XSS vulnerability discovered by Dimas Maulana (Patchstack Alliance) in WordPress Plugin Flash Video Player versions <= 5.0.4...
WordPress Contact Form Email 1.2.65 CSRF / Cross Site Scripting
Vulnerability: XSS & CSRF Affected Software: Contact Form Email Affected Version: 1.2.65 Patched Version: 1.2.66 CVE: not requested Risk: Medium Vendor Contacted: 10/31/2018 Vendor Fix: 10/31/2018 Public Disclosure: 02/05/2019 Credit: Tim Coen Reflected XSS CVSS 6.1 Medium...
Imgur: CSRF leads to a stored self xss
Follow-up from 311460. Summary: Self-XSS and CSRF are both out of scope, but when paired it is possible to create an attack on a user. Description: A favorites folder with an XSS payload for a name will launch when saving an image to said folder. This can be verified by following these steps: Visit yo...