Malicious code in tailwind-animator-scroll (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f89c3c4c01375bc7baef213c815a901ac3947eaf3835aa80ea67a725ece8d533 The package's main entry src/index.js appends, after a large whitespace gap following the legitimate-looking Tailwind plugin code, an...

MAL-2026-5618 Malicious code in tailwind-animator-scroll (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f89c3c4c01375bc7baef213c815a901ac3947eaf3835aa80ea67a725ece8d533 The package's main entry src/index.js appends, after a large whitespace gap following the legitimate-looking Tailwind plugin code, an...

WordPress WooCommerce Infinite Scroll and Ajax Pagination plugin <= 1.8 - Authenticated (Subscriber+) PHP Object Injection vulnerability

Authenticated Subscriber+ PHP Object Injection vulnerability discovered by cuokon in WordPress Plugin WooCommerce Infinite Scroll versions = 1.8...

CVE-2025-11993

The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8 via the 'settings' parameter in the 'importsettings' function. This is due to deserialization of untrusted data supplied via the import...

EUVD-2025-209981

The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8 via the 'settings' parameter in the 'importsettings' function. This is due to deserialization of untrusted data supplied via the import...

CVE-2025-11993 WooCommerce Infinite Scroll and Ajax Pagination <= 1.8 - Authenticated (Subscriber+) PHP Object Injection

The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8 via the 'settings' parameter in the 'importsettings' function. This is due to deserialization of untrusted data supplied via the import...

CVE-2025-11993

CVE-2025-11993 affects the WordPress plugin “WooCommerce Infinite Scroll and Ajax Pagination” (versions up to 1.8). The issue is a PHP Object Injection via the import_settings function’s settings parameter, caused by deserializing untrusted data without capability checks. An authenticated attacke...

WordPress plugin WooCommerce Infinite Scroll and Ajax Pagination 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

PT-2026-44749

Name of the Vulnerable Software and Affected Versions WooCommerce Infinite Scroll and Ajax Pagination versions prior to 1.9 Description The plugin is subject to PHP Object Injection, a condition where untrusted data is deserialized, allowing an attacker to manipulate the application's logic. The...

Malicious Package

Overview @databus-service-ui/scroll-up-content is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

CVE-2026-8703

The Endless Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access a...

CVE-2026-8703

The CVE-2026-8703 entry concerns the WordPress Endless Scroll plugin (versions up to and including 1.0.0). It describes a Stored Cross‑Site Scripting flaw caused by insufficient input sanitization and output escaping in Shortcode Attributes. The impact stated is that authenticated attackers with ...

CVE-2026-8703 Endless Scroll <= 1.0.0 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')]

The Endless Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access a...

CVE-2026-8703 Endless Scroll <= 1.0.0 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')]

The Endless Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access a...

PT-2026-43503

The Endless Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access a...

WordPress plugin Endless Scroll 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress Endless Scroll plugin <= 1.0.0 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability discovered by MAJidox in WordPress Plugin Endless Scroll versions = 1.0.0...

Astra Linux - уязвимость в chromium

Inappropriate implementation in Scroll in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data through a crafted HTML page...

Security Bulletin: MongoDB Enterprised Advanced affected by: react-router-7.11.0.tgz (CVE-2026-21884, CVE-2026-22029, CVE-2026-22030)

Summary There are vulnerabilities in react-router-7.11.0.tgz used in MongoDB Enterprised Advanced for IBM, involving an XSS vulnerability. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-21884 DESCRIPTION: React Router is a router for React. In @remix-run/react version...

Malicious Package

Overview react-native-parallax-scroll-view-updated is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...