CVE-2024-56208 WordPress NewsMash theme <= 1.0.71 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in desertthemes NewsMash newsmash allows Stored XSS.This issue affects NewsMash: from n/a through = 1.0.71...

PT-2026-21032

Name of the Vulnerable Software and Affected Versions desertthemes NewsMash versions through 1.0.71 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Cross-site Scripting XSS issue. This specific instance allows for Stored XS...

WordPress plugin NewsMash 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

EUVD-2024-33541

Malicious code in bioql PyPI...

EUVD-2024-36927

Malicious code in bioql PyPI...

CVE-2024-37441

Cross-Site Request Forgery CSRF vulnerability in desertthemes NewsMash newsmash allows Cross Site Request Forgery.This issue affects NewsMash: from n/a through = 1.0.34...

CVE-2024-10849

The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.71 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

CVE-2024-37441

Cross-Site Request Forgery CSRF vulnerability in desertthemes NewsMash newsmash allows Cross Site Request Forgery.This issue affects NewsMash: from n/a through = 1.0.34...

CVE-2024-37441 WordPress NewsMash theme <= 1.0.34 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in DesertThemes NewsMash allows Cross Site Request Forgery.This issue affects NewsMash: from n/a through 1.0.34...

CVE-2024-37441 WordPress NewsMash theme <= 1.0.34 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in desertthemes NewsMash newsmash allows Cross Site Request Forgery.This issue affects NewsMash: from n/a through = 1.0.34...

CVE-2024-37441

CVE-2024-37441 is a CSRF vulnerability in DesertThemes NewsMash (WordPress theme). Affected are NewsMash versions n/a through 1.0.34. The issue enables CSRF; connected sources indicate the vulnerability has been patched in NewsMash, but no fixed version is specified in the provided documents. No ...

WordPress plugin NewsMash 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request...

PT-2025-2484 · Desertthemes · Newsmash

Name of the Vulnerable Software and Affected Versions: DesertThemes NewsMash versions 1.0.0 through 1.0.34 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows an attacker to perform unauthorized actions on a user's account. Recommendations: For versions 1.0.0...

WordPress NewsMash theme <= 1.0.71 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme NewsMash versions = 1.0.71...

CVE-2024-10849 NewsMash <= 1.0.71 - Authenticated (Contributor+) Stored Cross-Site Scripting

The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.71 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

CVE-2024-10849 NewsMash <= 1.0.71 - Authenticated (Contributor+) Stored Cross-Site Scripting

The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.71 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

WordPress plugin NewsMash 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress NewsMash theme <= 1.0.34 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme NewsMash versions = 1.0.34...

WordPress NewsMash Theme <= 1.0.34 is vulnerable to Cross Site Request Forgery (CSRF)

Software NewsMash Type Theme Vulnerable versions = 1.0.34 Fixed in 1.0.35 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37441 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2d6553705f29 Credits Dhabaleshwar Das Required...