121 matches found
EUVD-2026-27181
The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox data-caption attributes in all versions up to, and including, 2.7.10. This is due to the fancybox-config.js script reading the carousel container's id attribute directly from the DOM to...
CVE-2026-4665
The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox data-caption attributes in all versions up to, and including, 2.7.10. This is due to the fancybox-config.js script reading the carousel container's id attribute directly from the DOM to...
CVE-2026-4665
The CVE-2026-4665 entry concerns the WP Carousel Free plugin for WordPress (versions up to 2.7.10). Concrete details from connected documents describe a Stored Cross-Site Scripting flaw in the handling of fancybox data-caption attributes. The root cause is the fancybox-config.js logic reading the...
WordPress plugin WP Carousel Free 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-36965
The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox data-caption attributes in all versions up to, and including, 2.7.10. This is due to the fancybox-config.js script reading the carousel container's id attribute directly from the DOM to...
CVE-2019-16524
The easy-fancybox plugin before 1.8.18 for WordPress aka Easy FancyBox is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter...
EUVD-2015-1628
Malware in sbrugna...
EUVD-2019-7201
Malware in sbrugna...
EUVD-2025-8137
Malicious code in bioql PyPI...
EUVD-2025-16698
Malicious code in bioql PyPI...
EUVD-2024-52521
Malicious code in bioql PyPI...
EUVD-2025-3271
Malicious code in bioql PyPI...
EUVD-2024-54361
Malicious code in bioql PyPI...
EUVD-2024-47141
Malicious code in bioql PyPI...
EUVD-2025-19954
Malicious code in bioql PyPI...
CVE-2025-8874
CVE-2025-8874 concerns Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations for WordPress. It describes a Stored Cross-Site Scripting (XSS) vulnerability in several widgets due to insufficient input sanitization/output escaping. Affected version...
CVE-2025-26591
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noor Alam WP fancybox wp-fancybox allows Stored XSS.This issue affects WP fancybox: from n/a through = 1.0.3...
CVE-2025-26591
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noor Alam WP fancybox wp-fancybox allows Stored XSS.This issue affects WP fancybox: from n/a through = 1.0.3...
CVE-2025-26591 WordPress WP fancybox plugin <= 1.0.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noor Alam WP fancybox wp-fancybox allows Stored XSS.This issue affects WP fancybox: from n/a through = 1.0.3...
CVE-2025-26591
CVE-2025-26591 concerns the WordPress plugin WP fancybox. Public documents confirm a Stored Cross-Site Scripting (XSS) vulnerability caused by improper input neutralization during web page generation, affecting WP fancybox versions up to 1.0.4. Several connected sources reiterate the same issue a...