587 matches found
WordPress Anchor smooth scroll plugin <= 1.0.2 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin Anchor smooth scroll versions = 1.0.2...
CVE-2025-5752 Vertical scroll image slideshow gallery <= 11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter
The Vertical scroll image slideshow gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 11.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress plugin Vertical scroll image slideshow gallery cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
MAL-2025-5723 Malicious code in react-router-scroll-navar (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5e8e2c3b7417b2b59415f2f9ce55b82be6594510752b41c70e05cb8fff7fb243 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
UBUNTU-CVE-2025-38213
In the Linux kernel, the following vulnerability has been resolved: vgacon: Add check for vcorigin address range in vgaconscroll Our in-house Syzkaller reported the following BUG twice, which we believed was the same issue with 1: ==================================================================...
CVE-2025-5488
The WP Masonry & Infinite Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wmis' shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-5488
CVE-2025-5488 affects the WordPress plugin WP Masonry & Infinite Scroll. The vulnerability is a Stored Cross-Site Scripting (XSS) in the plugin’s wmis shortcode, present in all versions up to and including 2.2, caused by insufficient input sanitization and output escaping on user-supplied attribu...
WordPress plugin WP Masonry & Infinite Scroll 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-52782
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in King Rayhan Scroll UP scroll-to-up allows Reflected XSS.This issue affects Scroll UP: from n/a through = 2.0...
CVE-2025-52782
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in King Rayhan Scroll UP scroll-to-up allows Reflected XSS.This issue affects Scroll UP: from n/a through = 2.0...
CVE-2025-52782
CVE-2025-52782 affects WordPress plugin Scroll UP (versions n/a through 2.0). It is a Cross-Site Scripting (Reflected XSS) vulnerability arising from improper input neutralization during web page generation. The provided sources list a CVSS v3.1 base score of 7.1 ( HIGH ) and indicate the vulnera...
CVE-2025-52782 WordPress Scroll UP plugin <= 2.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in King Rayhan Scroll UP allows Reflected XSS. This issue affects Scroll UP: from n/a through 2.0...
CVE-2025-52782 WordPress Scroll UP plugin <= 2.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in King Rayhan Scroll UP scroll-to-up allows Reflected XSS.This issue affects Scroll UP: from n/a through = 2.0...
PT-2025-26414 · Unknown · King Rayhan Scroll Up
Name of the Vulnerable Software and Affected Versions: King Rayhan Scroll UP versions n/a through 2.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This enables potential attackers ...
WordPress plugin Scroll UP 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-49451
Path Traversal: '.../...//' vulnerability in yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery aeroscroll-gallery allows Path Traversal.This issue affects Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery: from n/a through...
CVE-2025-4775
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-button-label HTML attribute in all versions up to, and including, 7.4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-49451
Path Traversal: '.../...//' vulnerability in yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery aeroscroll-gallery allows Path Traversal.This issue affects Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery: from n/a through...
CVE-2025-49451
Path Traversal: '.../...//' vulnerability in yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery aeroscroll-gallery allows Path Traversal.This issue affects Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery: from n/a through...
CVE-2025-4775 WordPress Infinite Scroll – Ajax Load More <= 7.4.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-button-label HTML attribute in all versions up to, and including, 7.4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for...