20 matches found
EUVD-2025-16141
Malicious code in bioql PyPI...
CVE-2025-4419
The Hot Random Image plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.9.2 via the 'path' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to access arbitrary images with allowed extensions, outside ...
CVE-2024-29796
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hot Themes Hot Random Image allows Stored XSS.This issue affects Hot Random Image: from n/a through 1.8.1...
CVE-2025-4419
The Hot Random Image plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.9.2 via the 'path' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to access arbitrary images with allowed extensions, outside ...
CVE-2025-4419
The Hot Random Image plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.9.2 via the 'path' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to access arbitrary images with allowed extensions, outside ...
CVE-2025-4405 Hot Random Image <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via link Parameter
The Hot Random Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2025-4419 Hot Random Image <= 1.9.2 - Path Traversal to Authenticated (Contributor+) Limited Arbitrary Image Access via path Parameter
The Hot Random Image plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.9.2 via the 'path' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to access arbitrary images with allowed extensions, outside ...
CVE-2025-4405 Hot Random Image <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via link Parameter
The Hot Random Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2025-4419 Hot Random Image <= 1.9.2 - Path Traversal to Authenticated (Contributor+) Limited Arbitrary Image Access via path Parameter
The Hot Random Image plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.9.2 via the 'path' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to access arbitrary images with allowed extensions, outside ...
PT-2025-22451 · WordPress · Hot Random Image
Name of the Vulnerable Software and Affected Versions: Hot Random Image plugin for WordPress versions up to, and including, 1.9.2 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attackers with...
WordPress plugin Hot Random Image 跨站脚本漏洞
WordPress Hot Random Image is a basic plugin for displaying randomly selected images from a specified folder. A cross-site scripting vulnerability exists in WordPress Hot Random Image, which stems from insufficient link parameter input cleanup and escaping, and can be exploited by an attacker to...
WordPress plugin Hot Random Image 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...
Hot Random Image < 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Hot Random Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute in versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-leve...
CVE-2024-29796
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hot Themes Hot Random Image allows Stored XSS.This issue affects Hot Random Image: from n/a through 1.8.1...
CVE-2024-29796
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hot Themes Hot Random Image allows Stored XSS.This issue affects Hot Random Image: from n/a through 1.8.1...
CVE-2024-29796 WordPress Hot Random Image plugin <= 1.8.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hot Themes Hot Random Image allows Stored XSS.This issue affects Hot Random Image: from n/a through 1.8.1...
CVE-2024-29796 WordPress Hot Random Image plugin <= 1.8.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hot Themes Hot Random Image allows Stored XSS.This issue affects Hot Random Image: from n/a through 1.8.1...
PT-2024-23040
Name of the Vulnerable Software and Affected Versions Hot Random Image versions 1.8.1 and earlier Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations For Hot Random...
WordPress Plugin Hot Random Image 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress Hot Random Image Plugin <= 1.8.1 is vulnerable to Cross Site Scripting (XSS)
Software Hot Random Image Type Plugin Vulnerable versions = 1.8.1 Fixed in 1.8.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29796 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 63fa0707da67 Credits Ngô Thiên An ancorn from VNPT-VCI...