WordPress Content Slideshow plugin <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Content Slideshow versions = 2.4.1...

WordPress Animate Your Content plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Animate Your Content versions = 1.0.0...

WordPress Auto Thumbnails plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Auto Thumbnails versions = 1.0...

WordPress jQuery googleslides plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin jQuery googleslides versions = 1.3...

WordPress WP Games Embed plugin <= 0.1beta - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin WP Games Embed versions = 0.1beta...

WordPress Display During Conditional Shortcode plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via message Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via message Parameter vulnerability discovered by Gilang - DJ in WordPress Plugin Display During Conditional Shortcode versions = 1.2...

WordPress Simple Wp colorfull Accordion plugin <= 1.0 - Authenticated (Contributor+) Cross-Site Scripting via 'title' Shortcode Attribute vulnerability

Authenticated Contributor+ Cross-Site Scripting via 'title' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Simple Wp colorfull Accordion versions = 1.0...

WordPress Ultimate Classified Listings plugin <= 1.6 - Authenticated (Contributor+) Local File Inclusion vulnerability

Authenticated Contributor+ Local File Inclusion vulnerability discovered by Gilang - DJ in WordPress Plugin Ultimate Classified Listings versions = 1.6...

WordPress BUKAZU Search widget plugin <= 3.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'shortcode' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'shortcode' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin BUKAZU Search widget versions = 3.3.2...

WordPress BrightTALK WordPress Shortcode plugin <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin BrightTALK WordPress Shortcode versions = 2.4.0...

Malicious code in gilang-takokak35-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 923aaee301a4c11cadf6d1ee5a80b60a42bc07334183cf5fec47340fe6744cb0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-133720 Malicious code in gilang-mendoan2-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4253c6a435d2f1904a701dbfe260ce8c6e37bfad8f76bb1c7848c8f0a8e2d015 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-133724 Malicious code in gilang-nasi39-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 198298b0f571253974b78139b23e20ba5e1dac443bf9ab3b325d59ceeec0915e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gilang-nasi27-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a4d8f3fd85cc3019c4875758243a3cd15e8695dd2945abcf0623279de877a94 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gilang-klentik48-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b8af5967afc6f70d4b0f39da20bdc87cbfc224b6fe8191f8b5b26e06db86ccb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gilang-tahu93-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43af50958cc7d91b77617a9d41440c3d3e12f882be5f0a5caf01c7a722f3d71a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gilang-asinan58-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ae9a647755c6431aa308db9fa884cd4c5e7b469ce103a328b7afdbe210e7142 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gilang-sroto92-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ec6c8c7c2c27b3f5784b7c3b4128c5ce39f11e308cc863e64d02f4d10a06333 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gilang-mangga12-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 50c82958f51bbf3fa7facd2baec0f5f1ba8063f003aabc09930b9d9cec9b5377 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gilang-tapai7-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6715db0269791d223a44918c7cff379b030a239e823640e40c43daa21bbe6874 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...