72 matches found
CVE-2025-68004
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kapil Chugh My Post Order my-posts-order allows Reflected XSS.This issue affects My Post Order: from n/a through = 1.2.1.1...
CVE-2025-68004
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kapil Chugh My Post Order my-posts-order allows Reflected XSS.This issue affects My Post Order: from n/a through = 1.2.1.1...
CVE-2025-68004
CVE-2025-68004 is a Reflected XSS in WordPress plugin My Post Order (my-posts-order) up to version 1.2.1.1, caused by improper input neutralization during web page generation. The CVSS 3.1 vector indicates NETWORK attack with USER INTERACTION required and HIGH severity (7.1). Multiple connected s...
CVE-2025-68004
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kapil Chugh My Post Order my-posts-order allows Reflected XSS.This issue affects My Post Order: from n/a through = 1.2.1.1...
CVE-2025-68004 WordPress My Post Order plugin <= 1.2.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kapil Chugh My Post Order my-posts-order allows Reflected XSS.This issue affects My Post Order: from n/a through = 1.2.1.1...
CVE-2025-68004 WordPress My Post Order plugin <= 1.2.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kapil Chugh My Post Order my-posts-order allows Reflected XSS.This issue affects My Post Order: from n/a through = 1.2.1.1...
WordPress plugin My Post Order has a cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-4049
Name of the Vulnerable Software and Affected Versions Kapil Chugh My Post Order versions through 1.2.1.1 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Cross-site Scripting XSS issue. This specific instance is a Reflected...
WordPress My Post Order plugin <= 1.2.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin My Post Order versions = 1.2.1.1...
EUVD-2023-51632
Malicious code in bioql PyPI...
EUVD-2022-51735
Malicious code in bioql PyPI...
EUVD-2024-23229
Malicious code in bioql PyPI...
EUVD-2024-43384
Malicious code in bioql PyPI...
EUVD-2022-51734
Malicious code in bioql PyPI...
WordPress plugin Custom Category/Post Type Post order security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2024-49321
Missing Authorization vulnerability in colorlibplugins Simple Custom Post Order simple-custom-post-order allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Custom Post Order: from n/a through = 2.5.7...
CVE-2023-47521
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Max Bond, AndreSC Q2W3 Post Order allows Reflected XSS.This issue affects Q2W3 Post Order: from n/a through 1.2.8...
CVE-2022-4385
The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user with roles as low as Subscriber to update the menu order...
WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.13 - Missing Authorization to Unauthenticated Post Order Manipulation vulnerability
Missing Authorization to Unauthenticated Post Order Manipulation vulnerability discovered by incognito in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions = 3.0.13...
CVE-2024-27196
Cross Site Scripting XSS vulnerability in Joel Starnes postMash – custom post order allows Reflected XSS.This issue affects postMash – custom post order: from n/a through 1.2.0...