121 matches found
EUVD-2026-27181
The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox data-caption attributes in all versions up to, and including, 2.7.10. This is due to the fancybox-config.js script reading the carousel container's id attribute directly from the DOM to...
CVE-2026-4665
The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox data-caption attributes in all versions up to, and including, 2.7.10. This is due to the fancybox-config.js script reading the carousel container's id attribute directly from the DOM to...
CVE-2026-4665
The CVE-2026-4665 entry concerns the WP Carousel Free plugin for WordPress (versions up to 2.7.10). Concrete details from connected documents describe a Stored Cross-Site Scripting flaw in the handling of fancybox data-caption attributes. The root cause is the fancybox-config.js logic reading the...
PT-2026-36965
The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox data-caption attributes in all versions up to, and including, 2.7.10. This is due to the fancybox-config.js script reading the carousel container's id attribute directly from the DOM to...
WordPress plugin WP Carousel Free 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2019-16524
The easy-fancybox plugin before 1.8.18 for WordPress aka Easy FancyBox is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter...
EUVD-2015-1628
Malware in sbrugna...
EUVD-2019-7201
Malware in sbrugna...
EUVD-2025-16698
Malicious code in bioql PyPI...
EUVD-2025-8137
Malicious code in bioql PyPI...
EUVD-2024-47141
Malicious code in bioql PyPI...
EUVD-2024-52521
Malicious code in bioql PyPI...
EUVD-2025-19954
Malicious code in bioql PyPI...
EUVD-2025-3271
Malicious code in bioql PyPI...
EUVD-2024-54361
Malicious code in bioql PyPI...
CVE-2025-8874
CVE-2025-8874 concerns Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations for WordPress. It describes a Stored Cross-Site Scripting (XSS) vulnerability in several widgets due to insufficient input sanitization/output escaping. Affected version...
CVE-2025-26591
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noor Alam WP fancybox wp-fancybox allows Stored XSS.This issue affects WP fancybox: from n/a through = 1.0.3...
CVE-2025-26591
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noor Alam WP fancybox wp-fancybox allows Stored XSS.This issue affects WP fancybox: from n/a through = 1.0.3...
CVE-2025-26591
CVE-2025-26591 concerns the WordPress plugin WP fancybox. Public documents confirm a Stored Cross-Site Scripting (XSS) vulnerability caused by improper input neutralization during web page generation, affecting WP fancybox versions up to 1.0.4. Several connected sources reiterate the same issue a...
CVE-2025-26591 WordPress WP fancybox plugin <= 1.0.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noor Alam WP fancybox wp-fancybox allows Stored XSS.This issue affects WP fancybox: from n/a through = 1.0.3...