94 matches found
CVE-2025-68838
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in expresstechsoftware MemberPress Discord Addon expresstechsoftwares-memberpress-discord-add-on allows Reflected XSS.This issue affects MemberPress Discord Addon: from n/a through = 1.1.4...
CVE-2025-68838
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in expresstechsoftware MemberPress Discord Addon expresstechsoftwares-memberpress-discord-add-on allows Reflected XSS.This issue affects MemberPress Discord Addon: from n/a through = 1.1.4...
CVE-2025-68838 WordPress MemberPress Discord Addon plugin <= 1.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in expresstechsoftware MemberPress Discord Addon expresstechsoftwares-memberpress-discord-add-on allows Reflected XSS.This issue affects MemberPress Discord Addon: from n/a through = 1.1.4...
CVE-2025-68838
CVE-2025-68838 – Reflected XSS in the ExpressTechSoftwares MemberPress Discord Addon (WordPress plugin: expresstechsoftwares-memberpress-discord-add-on) affecting versions up to and including 1.1.4. Attack vector is via improper input neutralization during web page generation, enabling reflected ...
CVE-2025-68838
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in expresstechsoftware MemberPress Discord Addon expresstechsoftwares-memberpress-discord-add-on allows Reflected XSS.This issue affects MemberPress Discord Addon: from n/a through = 1.1.4...
CVE-2025-68838 WordPress MemberPress Discord Addon plugin <= 1.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in expresstechsoftware MemberPress Discord Addon expresstechsoftwares-memberpress-discord-add-on allows Reflected XSS.This issue affects MemberPress Discord Addon: from n/a through = 1.1.4...
PT-2026-4084
Name of the Vulnerable Software and Affected Versions MemberPress Discord Addon versions through 1.1.4 Description The MemberPress Discord Addon contains a flaw related to improper input handling during web page generation, which allows for Reflected Cross-site Scripting XSS. This issue could...
WordPress plugin MemberPress Discord Addon: Cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress MemberPress Discord Addon plugin <= 1.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin MemberPress Discord Addon versions = 1.1.4...
EUVD-2024-46298
Malicious code in bioql PyPI...
EUVD-2024-46294
Malicious code in bioql PyPI...
EUVD-2025-12294
Malicious code in bioql PyPI...
EUVD-2025-11700
Malicious code in bioql PyPI...
EUVD-2025-15762
Malicious code in bioql PyPI...
EUVD-2024-46295
Malicious code in bioql PyPI...
EUVD-2024-40605
Malicious code in bioql PyPI...
EUVD-2024-17166
Malicious code in bioql PyPI...
CVE-2024-5024
The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'meprscreenname' and 'meprkey' parameter in all versions up to, and including, 1.11.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2024-1412
The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘message’ and 'error' parameters in all versions up to, and including, 1.11.26 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-5025
The Memberpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘arglist’ parameter in all versions up to, and including, 1.11.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...