17 matches found
EUVD-2025-11585
Malicious code in bioql PyPI...
EUVD-2023-12240
Malicious code in bioql PyPI...
CVE-2023-0150
The Cloak Front End Email WordPress plugin before 1.9.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2025-26968
Missing Authorization vulnerability in webbernaut Cloak Front End Email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cloak Front End Email: from n/a through 1.9.5...
CVE-2025-26968
Missing Authorization vulnerability in webbernaut Cloak Front End Email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cloak Front End Email: from n/a through 1.9.5...
CVE-2025-26968 WordPress Cloak Front End Email <= 1.9.5 - Broken Access Control Vulnerability
Missing Authorization vulnerability in webbernaut Cloak Front End Email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cloak Front End Email: from n/a through 1.9.5...
CVE-2025-26968 WordPress Cloak Front End Email <= 1.9.5 - Broken Access Control Vulnerability
Missing Authorization vulnerability in webbernaut Cloak Front End Email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cloak Front End Email: from n/a through 1.9.5...
WordPress Cloak Front End Email <= 1.9.5 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by muhammad yudha Patchstack Alliance in WordPress Plugin Cloak Front End Email versions = 1.9.5...
PT-2025-16976 · Webbernaut · Webbernaut Cloak Front End Email
Name of the Vulnerable Software and Affected Versions: webbernaut Cloak Front End Email versions 1.9.5 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. This can be exploited in th...
Cross site scripting
The Cloak Front End Email WordPress plugin before 1.9.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0150 Cloak Front End Email < 1.9.2 - Contributor+ Stored XSS
The Cloak Front End Email WordPress plugin before 1.9.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0150 Cloak Front End Email < 1.9.2 - Contributor+ Stored XSS
The Cloak Front End Email WordPress plugin before 1.9.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0150
The CVE-2023-0150 entry concerns the Cloak Front End Email WordPress plugin (versions
WordPress Plugin Cloak Front End Email 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Cloak Front End Email < 1.9.2 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks email name='" onmouseover="alert1"...
WordPress Cloak Front End Email Plugin <= 1.9.1 is vulnerable to Cross Site Scripting (XSS)
Software Cloak Front End Email Type Plugin Vulnerable versions = 1.9.1 Fixed in 1.9.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0150 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 8e7d5eb708ad Credits István Márto...
Cloak Front End Email < 1.9.2 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC email name='" onmouseover="alert1"...