8 matches found
EUVD-2021-11870
Malware in sbrugna...
EUVD-2025-30564
Malicious code in bioql PyPI...
CVE-2025-58241 WordPress SnapWidget Social Photo Feed Widget Plugin <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in snapwidget SnapWidget Social Photo Feed Widget snapwidget-wp-instagram-widget allows DOM-Based XSS.This issue affects SnapWidget Social Photo Feed Widget: from n/a through = 1.1.0...
CVE-2025-31760
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in snapwidget SnapWidget Social Photo Feed Widget snapwidget-wp-instagram-widget allows DOM-Based XSS.This issue affects SnapWidget Social Photo Feed Widget: from n/a through = 1.1.0...
CVE-2023-25989
Summary: CVE-2023-25989 is a CSRF vulnerability reported across multiple Meks WordPress plugins (Audio Player, Time Ago, ThemeForest Smart Widget, Smart Author Widget, Easy Maps, Easy Photo Feed Widget, Simple Flickr Widget, Easy Ads Widget, Smart Social Widget, and related plugins). The flaw ena...
CVE-2021-24958
CVE-2021-24958 affects the Meks Easy Photo Feed Widget WordPress plugin prior to version 1.2.4. Root cause: the meks_save_business_selected_account AJAX action lacks capability and CSRF checks and does not escape some settings, making it accessible to any authenticated user. Impact: any authentic...
CVE-2021-24958 Meks Easy Photo Feed Widget < 1.2.4 - Subscriber+ Settings Update to Stored XSS
The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF checks in the mekssavebusinessselectedaccount AJAX action, available to any authenticated user, and does not escape some of the settings. As a result, any authenticated user, such as subscriber could...
Meks Easy Photo Feed Widget < 1.2.4 - Subscriber+ Settings Update to Stored XSS
The plugin does not have capability and CSRF checks in the mekssavebusinessselectedaccount AJAX action, available to any authenticated user, and does not escape some of the settings. As a result, any authenticated user, such as subscriber could update the plugin's settings and put Cross-Site...