
17 matches found

Vulnrichment
added 2025/11/21 8:28 a.m., 3 views

CVE-2025-11826 WP Company Info <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Company Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'social-networks' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 6.4, AI score 4.8, EPSS 0.00162
Exploits: 0, References: 2
Cvelist
added 2025/11/21 8:28 a.m., 7 views

CVE-2025-11826 WP Company Info <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Company Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'social-networks' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 6.4, EPSS 0.00162
Exploits: 0, References: 2
CVE
added 2025/11/21 8:28 a.m., 14 views

CVE-2025-11826

CVE-2025-11826 involves the WP Company Info plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) via the class attribute of the social-networks shortcode, affecting all versions up to 1.9.0. Exploitation requires authenticated access at contributor level or higher, allow...

CVSS 6.4, AI score 4.8, EPSS 0.00162
Exploits: 0, References: 2
CNNVD
added 2025/11/21 12:0 a.m., 5 views

WordPress plugin WP Company Info cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 6.4, AI score 5.7, EPSS 0.00162
Exploits: 0, References: 3
Patchstack
added 2025/11/20 11:25 p.m., 6 views

WordPress WP Company Info plugin <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin WP Company Info versions <= 1.9.0...

CVSS 6.4, AI score 5.8, EPSS 0.00162
Exploits: 0, References: 1, Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2023-28697

Malicious code in bioql PyPI...

CVSS 5.4, AI score 5.8, EPSS 0.00632
Exploits: 1, References: 4
RedhatCVE
added 2025/05/23 1:54 a.m., 7 views

CVE-2023-24687

Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtCompanyName parameter...

CVSS 5.4, AI score 5.8, EPSS 0.00632
Exploits: 1, References: 1
NVD
added 2023/02/09 8:15 p.m., 16 views

CVE-2023-24687

Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtCompanyName parameter...

CVSS 5.4, AI score 5.3, EPSS 0.00632
Exploits: 1, References: 3
OSV
added 2023/02/09 8:15 p.m., 10 views

CVE-2023-24687

Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtCompanyName parameter...

CVSS 5.4, AI score 5.8
Exploits: 0, References: 3
Prion
added 2023/02/09 8:15 p.m., 12 views

Cross site scripting

Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtCompanyName parameter...

CVSS 4.9, AI score 5.3, EPSS 0.00632
Exploits: 1, References: 3, Affected Software: 1
Cvelist
added 2023/02/09 12:0 a.m., 16 views

CVE-2023-24687

Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtCompanyName parameter...

AI score 5.5, EPSS 0.00632
Exploits: 1, References: 3
Vulnrichment
added 2023/02/09 12:0 a.m., 9 views

CVE-2023-24687

Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtCompanyName parameter...

AI score 6, EPSS 0.00632
Exploits: 1, References: 3
CNNVD
added 2023/02/09 12:0 a.m., 4 views

mojoPortal cross-site scripting vulnerability

mojoPortal is an open source, object-oriented web site architecture (WSF) and content management system (CMS) from Joe Audette, an individual developer in the United States. The system offers event calendars, photo albums, file managers, and more. A security vulnerability exists in mojoPortal version...

CVSS 5.4, AI score 5.7, EPSS 0.00632
Exploits: 1, References: 4
CNNVD
added 2022/07/12 12:0 a.m., 3 views

Novastar-VNNOX-iCare Novaicare security vulnerability

Novastar-VNNOX-iCare Novaicare is an application used to centrally monitor the status of LED screen displays by Xi'an Novaicare Technology Co. in China. A security vulnerability exists in Novastar-VNNOX-iCare Novaicare version 7.16.0, which can be exploited by an attacker to elevate privileges an...

CVSS 8.8, AI score 7.9, EPSS 0.01177
Exploits: 1, References: 5
Prion
added 2022/07/06 1:15 p.m., 8 views

Design/Logic Flaw

An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can delete import information about a user's company...

CVSS 4.3, AI score 6.4, EPSS 0.00453
Exploits: 1, References: 3, Affected Software: 1
WPVulnDB
added 2020/07/12 12:0 a.m., 11 views

Newsletter < 6.7.7 - Authenticated Stored Cross-Site Scripting

An Authenticated Stored Cross-Site Scripting (XSS) was discovered within the Company Info "Motto" field. When creating a new newsletter using an empty template with the header module, the XSS would execute. This was later fixed in version: 6.7.7 PoC...

AI score 2
Exploits: 0, References: 1, Affected Software: 1
n0where
added 2017/10/11 3:4 a.m., 14 views

Traditional OSINT Swiss Army Knife: Belati

Belati is a tool for collecting public data and public documents from websites and other services for OSINT purposes. This tool is inspired by Foca and Datasploit for OSINT. What can Belati do? Whois (Indonesian TLD support), banner grabbing, subdomain enumeration, service scanning for all subdomain machines, W...

Exploits: 0, References: 1