Malicious Package

Overview etsy-advocacy is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in etsy-advocacy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 954b1d4bfe5cfc54379a9fc61d30f5941755592aea62781a2a17e175d6eb38f3 The package etsy-advocacy was found to contain malicious code. Source: ghsa-malware ecd69e1f886e5959e3de00ca5b1235a1c05bef9098aab53be35030cb7b8e007b...

MAL-2026-2602 Malicious code in etsy-advocacy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 954b1d4bfe5cfc54379a9fc61d30f5941755592aea62781a2a17e175d6eb38f3 The package etsy-advocacy was found to contain malicious code. Source: ghsa-malware ecd69e1f886e5959e3de00ca5b1235a1c05bef9098aab53be35030cb7b8e007b...

CVE-2023-25975

Cross-Site Request Forgery CSRF vulnerability in Frédéric Sheedy Etsy Shop plugin = 3.0.3 versions...

EUVD-2021-0889

Malware in sbrugna...

EUVD-2024-30511

Malicious code in bioql PyPI...

EUVD-2025-30408

Malicious code in bioql PyPI...

EUVD-2021-34236

Malicious code in bioql PyPI...

EUVD-2023-57784

Malicious code in bioql PyPI...

EUVD-2025-28210

Malicious code in bioql PyPI...

EUVD-2024-51123

Malicious code in bioql PyPI...

EUVD-2023-29862

Malicious code in bioql PyPI...

CVE-2025-9115

The Etsy Shop WordPress plugin before 3.0.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

WordPress Etsy Shop plugin < 3.0.7 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin Etsy Shop versions 3.0.7...

CVE-2025-9115

The Etsy Shop WordPress plugin before 3.0.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

CVE-2025-9115 Etsy Shop < 3.0.7 - Reflected XSS via $_SERVER['REQUEST_URI']

The Etsy Shop WordPress plugin before 3.0.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

CVE-2025-9115

CVE-2025-9115 affects the Etsy Shop WordPress plugin (versions older than 3.0.7). The issue is caused by not escaping the $_SERVER['REQUEST_URI'] value when outputting it into an attribute, enabling a reflected cross-site scripting (XSS) vulnerability in old browsers. The vulnerability is mitigat...

CVE-2025-9115 Etsy Shop < 3.0.7 - Reflected XSS via $_SERVER['REQUEST_URI']

The Etsy Shop WordPress plugin before 3.0.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

WordPress plugin Etsy Shop 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

PT-2025-38689

Name of the Vulnerable Software and Affected Versions Etsy Shop WordPress plugin versions prior to 3.0.7 Description The plugin does not properly sanitize the $ SERVER'REQUEST URI' parameter before using it in an attribute, potentially allowing for Reflected Cross-Site Scripting in older web...