30 matches found
EUVD-2023-45225
Malicious code in bioql PyPI...
CVE-2023-40669
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in twinpictures, baden03 Collapse-O-Matic plugin <= 1.8.5.5 versions...
CVE-2023-7030
The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' shortcode in all versions up to, and including, 1.8.5.5 due to insufficient input sanitization and output escaping on the 'tag' user supplied attribute. This makes it possible for...
CVE-2022-4475
The Collapse-O-Matic WordPress plugin before 1.8.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2024-4095
The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' and 'expandsub' shortcode in all versions up to, and including, 1.8.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
CVE-2024-4095
The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' and 'expandsub' shortcode in all versions up to, and including, 1.8.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
CVE-2024-4095
CVE-2024-4095 – Collapse-O-Matic (WordPress) vulnerability: An authenticated attacker with contributor-level access and above can trigger a Stored Cross-Site Scripting (XSS) via the plugin’s shortcodes expand/expandsub in all versions up to at least 1.8.5.7 (and referenced entries note 1.8.5.8 a...
CVE-2024-4095 Collapse-O-Matic <= 1.8.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' and 'expandsub' shortcode in all versions up to, and including, 1.8.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
WordPress Plugin Collapse-O-Matic Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Collapse-O-Matic plugin <= 1.8.5.8 - Authenticated Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Stored Cross-Site Scripting via Shortcode vulnerability discovered by Jack Taylor in WordPress Plugin Collapse-O-Matic versions <= 1.8.5.8...
Collapse-O-Matic <= 1.8.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description: The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' and 'expandsub' shortcode in all versions up to, and including, 1.8.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...
WordPress Collapse-O-Matic Plugin <= 1.8.5.8 is vulnerable to Cross Site Scripting (XSS)
Software: Collapse-O-Matic; Type: Plugin; Vulnerable versions: <= 1.8.5.8; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4095; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 825f6cdd00ef; Credits: Jack Taylor; Required...
CVE-2023-7030
The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' shortcode in all versions up to, and including, 1.8.5.5 due to insufficient input sanitization and output escaping on the 'tag' user supplied attribute. This makes it possible for...
CVE-2023-7030
The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' shortcode in all versions up to, and including, 1.8.5.5 due to insufficient input sanitization and output escaping on the 'tag' user supplied attribute. This makes it possible for...
WordPress plugin Collapse-O-Matic Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security...
WordPress Collapse-O-Matic plugin <= 1.8.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Richard Telleng stueotue in WordPress Plugin Collapse-O-Matic versions <= 1.8.5.5...
Collapse-O-Matic < 1.8.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description: The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' shortcode in all versions up to, and including, 1.8.5.5 due to insufficient input sanitization and output escaping on the 'tag' user supplied attribute. This makes it...
CVE-2023-40669
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in twinpictures, baden03 Collapse-O-Matic plugin <= 1.8.5.5 versions...
CVE-2023-40669 WordPress Collapse-O-Matic Plugin <= 1.8.5.5 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in twinpictures, baden03 Collapse-O-Matic plugin <= 1.8.5.5 versions...
CVE-2023-40669 WordPress Collapse-O-Matic Plugin <= 1.8.5.5 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in twinpictures, baden03 Collapse-O-Matic plugin <= 1.8.5.5 versions...