WordPress WP Hallo Welt plugin <= 1.4. - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin WP Hallo Welt versions = 1.4...

CVE-2025-13365

The WP Hallo Welt plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'halloweltseite' function. This makes it possible for unauthenticated attackers to update plugin settings and...

CVE-2025-13365 WP Hallo Welt <= 1.4. - Cross-Site Request Forgery to Stored Cross-Site Scripting

The WP Hallo Welt plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'halloweltseite' function. This makes it possible for unauthenticated attackers to update plugin settings and...

CVE-2025-13365 WP Hallo Welt <= 1.4. - Cross-Site Request Forgery to Stored Cross-Site Scripting

The WP Hallo Welt plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'halloweltseite' function. This makes it possible for unauthenticated attackers to update plugin settings and...

CVE-2025-13365

CVE-2025-13365 affects the WP Hallo Welt WordPress plugin (versions up to and including 1.4). The issue stems from missing/incorrect nonce validation in the hallo_welt_seite function, enabling unauthenticated CSRF that lets an attacker manipulate plugin settings. The lack of input sanitization/ou...

WordPress plugin WP Hallo Welt 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin ... A cross-site reques...

PT-2025-52537

Name of the Vulnerable Software and Affected Versions WP Hallo Welt plugin versions prior to 1.5 Description The WP Hallo Welt plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF due to missing or incorrect nonce validation on the hallo welt seite function. This allows...

EUVD-2022-34768

Malicious code in bioql PyPI...

CVE-2025-48007

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceAvatars allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...

CVE-2025-48007

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceAvatars allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...

CVE-2025-46703

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:AtMentions allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...

CVE-2025-58114

This CVE affects BlueSpice (Hallo Welt! GmbH) with the CognitiveProcessDesigner extension. The vulnerability is an improper input validation that enables Cross-Site Scripting (XSS) and affects BlueSpice versions 5 through 5.1.1. Documented details indicate the root cause is input validation in Ex...

Cross site scripting

Cross-site Scripting XSS vulnerability in "Extension:ExtendedSearch" of Hallo Welt! GmbH BlueSpice allows attacker to inject arbitrary HTML XSS on page "Special:SearchCenter", using the search term in the URL...

CVE-2022-2510 Potential XSS on Special:SearchCenter

Cross-site Scripting XSS vulnerability in "Extension:ExtendedSearch" of Hallo Welt! GmbH BlueSpice allows attacker to inject arbitrary HTML XSS on page "Special:SearchCenter", using the search term in the URL...