19 matches found
CVE-2023-25975
Cross-Site Request Forgery (CSRF) vulnerability in Frédéric Sheedy Etsy Shop plugin <= 3.0.3 versions...
EUVD-2023-57784
Malicious code in bioql PyPI...
EUVD-2023-29862
Malicious code in bioql PyPI...
CVE-2025-9115
The Etsy Shop WordPress plugin before 3.0.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
WordPress Etsy Shop plugin < 3.0.7 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin Etsy Shop versions < 3.0.7...
CVE-2025-9115
The Etsy Shop WordPress plugin before 3.0.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2025-9115
CVE-2025-9115 affects the Etsy Shop WordPress plugin (versions older than 3.0.7). The issue is caused by not escaping the $_SERVER['REQUEST_URI'] value when outputting it into an attribute, enabling a reflected cross-site scripting (XSS) vulnerability in old browsers. The vulnerability is mitigat...
CVE-2025-9115 Etsy Shop < 3.0.7 - Reflected XSS via $_SERVER['REQUEST_URI']
The Etsy Shop WordPress plugin before 3.0.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2025-9115 Etsy Shop < 3.0.7 - Reflected XSS via $_SERVER['REQUEST_URI']
The Etsy Shop WordPress plugin before 3.0.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
WordPress plugin Etsy Shop Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL-based servers. WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-38689
Name of the Vulnerable Software and Affected Versions: Etsy Shop WordPress plugin versions prior to 3.0.7. Description: The plugin does not properly sanitize the $_SERVER['REQUEST_URI'] parameter before using it in an attribute, potentially allowing for Reflected Cross-Site Scripting in older web...
CVE-2023-5470
The Etsy Shop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'etsy-shop' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2023-25975
Cross-Site Request Forgery (CSRF) vulnerability in Frédéric Sheedy Etsy Shop plugin <= 3.0.3 versions...
CVE-2023-25975
Cross-Site Request Forgery (CSRF) vulnerability in Frédéric Sheedy Etsy Shop plugin <= 3.0.3 versions...
CVE-2023-25975 WordPress Etsy Shop plugin <= 3.0.3 - Cross Site Request Forgery (CSRF) vulnerability
A vulnerability in fsheedy Etsy Shop etsy-shop. This issue affects Etsy Shop: from n/a through <= 3.0.3...
WordPress Plugin Etsy Shop Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2023-5470
The Etsy Shop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'etsy-shop' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2023-5470
The CVE-2023-5470 entry refers to the Etsy Shop WordPress plugin. Affected: Etsy Shop (WordPress plugin)
CVE-2023-5470 Etsy Shop <= 3.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Etsy Shop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'etsy-shop' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...