93 matches found
CVE-2025-66500
CVE-2025-66500 describes a stored XSS in Foxit’s webplugins.foxit.com where a postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, enabling arbitrary JavaScript execution when a crafted postMessage is received. The description is consisten...
WordPress Social Media Auto Publish plugin <= 3.6.5 - Reflected Cross-Site Scripting via PostMessage vulnerability
Reflected Cross-Site Scripting via PostMessage vulnerability discovered by Nicolai Hellesnes nico in WordPress Plugin Social Media Auto Publish versions = 3.6.5...
CVE-2025-14703
A vulnerability has been found in Shiguangwu sgwbox N3 2.0.25. The affected element is an unknown function of the file /fsnotify of the component POST Message Handler. The manipulation of the argument token leads to improper authentication. It is possible to initiate the attack remotely. The...
CVE-2025-14703
A vulnerability has been found in Shiguangwu sgwbox N3 2.0.25. The affected element is an unknown function of the file /fsnotify of the component POST Message Handler. The manipulation of the argument token leads to improper authentication. It is possible to initiate the attack remotely. The...
CVE-2025-14703
A vulnerability has been found in Shiguangwu sgwbox N3 2.0.25. The affected element is an unknown function of the file /fsnotify of the component POST Message Handler. The manipulation of the argument token leads to improper authentication. It is possible to initiate the attack remotely. The...
CVE-2025-14703 Shiguangwu sgwbox N3 POST Message fsnotify improper authentication
A vulnerability has been found in Shiguangwu sgwbox N3 2.0.25. The affected element is an unknown function of the file /fsnotify of the component POST Message Handler. The manipulation of the argument token leads to improper authentication. It is possible to initiate the attack remotely. The...
EUVD-2025-203325
A vulnerability has been found in Shiguangwu sgwbox N3 2.0.25. The affected element is an unknown function of the file /fsnotify of the component POST Message Handler. The manipulation of the argument token leads to improper authentication. It is possible to initiate the attack remotely. The...
CVE-2025-12076
The Social Media Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage parameter in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-12076
The Social Media Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage parameter in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-12077 WP to LinkedIn Auto Publish <= 1.9.8 - Reflected Cross-Site Scripting via PostMessage
The WP to LinkedIn Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-12077 WP to LinkedIn Auto Publish <= 1.9.8 - Reflected Cross-Site Scripting via PostMessage
The WP to LinkedIn Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
PT-2025-51057
The WP to LinkedIn Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-12078
The ArtiBot Free Chat Bot for WebSites plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-12079
CVE-2025-12079 (WP Twitter Auto Publish) is a reflected Cross-Site Scripting via PostMessage vulnerability in WordPress WP Twitter Auto Publish plugin. Affected versions are all up to and including 1.7.3, with exploitation possible by unauthenticated attackers who trick a user into performing an ...
PT-2025-47253
Name of the Vulnerable Software and Affected Versions ArtiBot Free Chat Bot for WebSites plugin for WordPress versions through 1.1.7 Description The software is susceptible to Reflected Cross-Site Scripting via PostMessage due to inadequate input sanitization and output escaping. This allows...
WordPress ArtiBot Free Chat Bot for WebSites plugin <= 1.1.7 - Reflected Cross-Site Scripting via PostMessage vulnerability
Reflected Cross-Site Scripting via PostMessage vulnerability discovered by Nicolai Hellesnes nico in WordPress Plugin ArtiBot versions = 1.1.7...
Cross-site Request Forgery (CSRF)
Apollo Studio Embeddable Explorer & Embeddable Sandbox are vulnerable to cross-site request forgery CSRF. The vulnerability is due to missing origin validation in the client-side handling of window.postMessage events, which allows an attacker to send forged messages that trigger arbitrary GraphQL...
CVE-2025-12064
The WP2Social Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
EUVD-2025-38360
The WP2Social Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-12064
The CVE-2025-12064 entry concerns the WP2Social Auto Publish WordPress plugin. A Reflected Cross-Site Scripting (XSS) via PostMessage exists in all versions up to and including 2.4.7 due to insufficient input sanitization and output escaping, enabling unauthenticated attackers to inject scripts i...