10 matches found
EUVD-2025-27671
Malicious code in bioql PyPI...
CVE-2025-8316
The Certifica WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘evento’ parameter in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
WordPress Certifica Cross-Site Scripting Vulnerability
Certifica is a certificate generation and management plugin for the WordPress platform. A stored XSS vulnerability exists in Certifica 3.1 and earlier versions, which stems from insufficient input filtering and output escaping of evento parameters. The vulnerability can be exploited to inject a...
CVE-2025-8316
The Certifica WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘evento’ parameter in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-8316 Certifica WP <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via evento Parameter
The Certifica WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘evento’ parameter in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-8316 Certifica WP <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via evento Parameter
The Certifica WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘evento’ parameter in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-8316
CVE-2025-8316 describes a Stored Cross-Site Scripting in Certifica WP (WordPress) up to version 3.1, exploitable by authenticated users with Contributor+ privileges via the evento parameter. The impact is arbitrary web-script execution when affected pages are viewed. The Wordfence summary lists t...
WordPress Certifica WP plugin <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via evento Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via evento Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Certifica WP versions = 3.1...
WordPress plugin Certifica 跨站脚本漏洞
Certifica is a certificate generation and management plugin for the WordPress platform. A stored XSS vulnerability exists in Certifica 3.1 and earlier versions, which stems from insufficient input filtering and output escaping of evento parameters. The vulnerability can be exploited to inject a...
PT-2025-37123
The Certifica WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘evento’ parameter in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...