CVE-2024-56208 WordPress NewsMash theme <= 1.0.71 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in desertthemes NewsMash newsmash allows Stored XSS.This issue affects NewsMash: from n/a through = 1.0.71...

PT-2026-21032

Name of the Vulnerable Software and Affected Versions desertthemes NewsMash versions through 1.0.71 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Cross-site Scripting XSS issue. This specific instance allows for Stored XS...

WordPress plugin NewsMash 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

EUVD-2024-36927

Malicious code in bioql PyPI...

EUVD-2024-33541

Malicious code in bioql PyPI...

CVE-2024-37441

Cross-Site Request Forgery CSRF vulnerability in desertthemes NewsMash newsmash allows Cross Site Request Forgery.This issue affects NewsMash: from n/a through = 1.0.34...

CVE-2024-10849

The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.71 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

CVE-2024-37441

Cross-Site Request Forgery CSRF vulnerability in desertthemes NewsMash newsmash allows Cross Site Request Forgery.This issue affects NewsMash: from n/a through = 1.0.34...

CVE-2024-37441 WordPress NewsMash theme <= 1.0.34 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in DesertThemes NewsMash allows Cross Site Request Forgery.This issue affects NewsMash: from n/a through 1.0.34...

CVE-2024-37441 WordPress NewsMash theme <= 1.0.34 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in desertthemes NewsMash newsmash allows Cross Site Request Forgery.This issue affects NewsMash: from n/a through = 1.0.34...

CVE-2024-37441

CVE-2024-37441 is a CSRF vulnerability in DesertThemes NewsMash (WordPress theme). Affected are NewsMash versions n/a through 1.0.34. The issue enables CSRF; connected sources indicate the vulnerability has been patched in NewsMash, but no fixed version is specified in the provided documents. No ...

PT-2025-2484 · Desertthemes · Newsmash

Name of the Vulnerable Software and Affected Versions: DesertThemes NewsMash versions 1.0.0 through 1.0.34 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows an attacker to perform unauthorized actions on a user's account. Recommendations: For versions 1.0.0...

WordPress plugin NewsMash 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request...

WordPress NewsMash theme <= 1.0.71 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme NewsMash versions = 1.0.71...

CVE-2024-10849 NewsMash <= 1.0.71 - Authenticated (Contributor+) Stored Cross-Site Scripting

The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.71 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

CVE-2024-10849 NewsMash <= 1.0.71 - Authenticated (Contributor+) Stored Cross-Site Scripting

The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.71 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

WordPress plugin NewsMash 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress NewsMash theme <= 1.0.34 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme NewsMash versions = 1.0.34...

WordPress NewsMash Theme <= 1.0.34 is vulnerable to Cross Site Request Forgery (CSRF)

Software NewsMash Type Theme Vulnerable versions = 1.0.34 Fixed in 1.0.35 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37441 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2d6553705f29 Credits Dhabaleshwar Das Required...