30 matches found
EUVD-2025-31680
Malicious code in bioql PyPI...
EUVD-2025-30768
Malicious code in bioql PyPI...
EUVD-2022-24438
Malicious code in bioql PyPI...
CVE-2025-8608
The Mihdan: Elementor Yandex Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 1.6.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-8608 Mihdan: Elementor Yandex Maps <= 1.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Marker Pins
The Mihdan: Elementor Yandex Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 1.6.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-8608
CVE-2025-8608 affects Mihdan: Elementor Yandex Maps plugin for WordPress (versions up to 1.6.11). The vulnerability is a Stored XSS via the plugin’s block attributes, caused by insufficient input sanitization and output escaping. An authenticated attacker with contributor-level access or higher c...
CVE-2025-8608 Mihdan: Elementor Yandex Maps <= 1.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Marker Pins
The Mihdan: Elementor Yandex Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 1.6.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2025-39942
Name of the Vulnerable Software and Affected Versions Mihdan: Elementor Yandex Maps plugin for WordPress versions through 1.6.11 Description The Mihdan: Elementor Yandex Maps plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin’s block attributes. This is due to...
WordPress plugin Mihdan Elementor Yandex Maps 跨站脚本漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. timesheet is a job tracking plugin used in it. relevant is a...
CVE-2025-53451
Cross-Site Request Forgery CSRF vulnerability in mihdan Mihdan: No External Links mihdan-no-external-links allows Cross Site Request Forgery.This issue affects Mihdan: No External Links: from n/a through = 5.1.6.2...
WordPress Mihdan: No External Links Plugin <= 5.1.6.2 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery CSRF Vulnerability discovered by Bao BlueRock in WordPress Plugin Mihdan: No External Links versions = 5.1.6.2...
CVE-2025-53451
Cross-Site Request Forgery CSRF vulnerability in mihdan Mihdan: No External Links mihdan-no-external-links allows Cross Site Request Forgery.This issue affects Mihdan: No External Links: from n/a through = 5.1.6.2...
CVE-2025-53451 WordPress Mihdan: No External Links Plugin <= 5.1.6.2 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in mihdan Mihdan: No External Links mihdan-no-external-links allows Cross Site Request Forgery.This issue affects Mihdan: No External Links: from n/a through = 5.1.6.2...
CVE-2025-53451
CVE-2025-53451 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin “Mihdan: No External Links.” Affected range is up to 5.1.4 (from the Initial document). Connected sources indicate the issue is CSRF and show a patched entry for the same vulnerability (No External Links
PT-2025-38988
Name of the Vulnerable Software and Affected Versions Mihdan: No External Links versions through 5.1.4 Description A Cross-Site Request Forgery CSRF issue exists in Mihdan: No External Links. This allows attackers to perform actions on behalf of unsuspecting users. Recommendations Update to a...
CVE-2022-1095
The Mihdan: No External Links WordPress plugin before 5.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-4411
The Mihdan: Yandex Turbo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.6.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
WordPress plugin Mihdan: Yandex Turbo Feed 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Mihdan: A security...
CVE-2024-4411 Mihdan: Yandex Turbo Feed <= 1.6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Mihdan: Yandex Turbo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.6.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
CVE-2024-4411 Mihdan: Yandex Turbo Feed <= 1.6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Mihdan: Yandex Turbo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.6.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...