35 matches found
CVE-2025-11828
The Magazine Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headerHtmlTag' attribute in the bnm-blocks/featured-posts-1 block in all versions up to, and including, 1.2.3. This is due to insufficient input sanitization and output escaping when using...
EUVD-2025-60943
The Magazine Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headerHtmlTag' attribute in the bnm-blocks/featured-posts-1 block in all versions up to, and including, 1.2.3. This is due to insufficient input sanitization and output escaping when using...
CVE-2025-11828
The Magazine Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headerHtmlTag' attribute in the bnm-blocks/featured-posts-1 block in all versions up to, and including, 1.2.3. This is due to insufficient input sanitization and output escaping when using...
CVE-2025-11828
The Magazine Companion WordPress plugin (bnm-blocks/featured-posts-1 headerHtmlTag) is vulnerable to Stored XSS in all versions up to and including 1.2.3 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher, enabling...
CVE-2025-11828 Magazine Companion <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Magazine Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headerHtmlTag' attribute in the bnm-blocks/featured-posts-1 block in all versions up to, and including, 1.2.3. This is due to insufficient input sanitization and output escaping when using...
PT-2025-46253
Name of the Vulnerable Software and Affected Versions The Magazine Companion plugin for WordPress versions through 1.2.3 Description The Magazine Companion plugin for WordPress is susceptible to Stored Cross-Site Scripting through the headerHtmlTag attribute within the bnm-blocks/featured-posts-1...
EUVD-2024-45463
Malicious code in bioql PyPI...
EUVD-2025-7860
Malicious code in bioql PyPI...
EUVD-2024-42903
Malicious code in bioql PyPI...
EUVD-2024-42904
Malicious code in bioql PyPI...
CVE-2024-48031
Cross-Site Request Forgery CSRF vulnerability in sumitsurai Featured Posts with Multiple Custom Groups FPMCG featured-posts-with-multiple-custom-groups-fpmcg allows Cross Site Request Forgery.This issue affects Featured Posts with Multiple Custom Groups FPMCG: from n/a through = 4.0...
CVE-2025-28905
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chaser324 Featured Posts Grid featured-posts-grid allows Stored XSS.This issue affects Featured Posts Grid: from n/a through = 1.7...
WordPress Featured Posts Grid plugin <= 1.7 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Featured Posts Grid versions = 1.7...
CVE-2025-28905
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chaser324 Featured Posts Grid featured-posts-grid allows Stored XSS.This issue affects Featured Posts Grid: from n/a through = 1.7...
CVE-2025-28905
CVE-2025-28905 relates to the WordPress plugin Featured Posts Grid (versions at or below 1.7). The connected docs confirm an improper handling of input during web page generation, enabling a CSRF to Stored XSS chain. The CVSS 3.1 base metrics (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L) indicate network...
CVE-2025-28905 WordPress Featured Posts Grid plugin <= 1.7 - CSRF to Stored XSS vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chaser324 Featured Posts Grid featured-posts-grid allows Stored XSS.This issue affects Featured Posts Grid: from n/a through = 1.7...
CVE-2025-28905 WordPress Featured Posts Grid plugin <= 1.7 - CSRF to Stored XSS vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chaser324 Featured Posts Grid featured-posts-grid allows Stored XSS.This issue affects Featured Posts Grid: from n/a through = 1.7...
CVE-2024-51647
Cross-Site Request Forgery CSRF vulnerability in Chaser324 Featured Posts Scroll allows Stored XSS.This issue affects Featured Posts Scroll: from n/a through 1.25...
CVE-2024-48032
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sumitsurai Featured Posts with Multiple Custom Groups FPMCG featured-posts-with-multiple-custom-groups-fpmcg allows Reflected XSS.This issue affects Featured Posts with Multiple Custom Groups FPMCG...
CVE-2024-51647
Cross-Site Request Forgery CSRF vulnerability in Chaser324 Featured Posts Scroll allows Stored XSS.This issue affects Featured Posts Scroll: from n/a through 1.25...