Trust Me, Import This: Dependency Steering Attacks Via Malicious Agent Skills

LLM-powered coding agents increasingly make software supply chain decisions. They generate imports, recommend packages, and write installation commands. Prior work showed that these systems can hallucinate non-existent package names, which attackers may register as malicious packages. In this...

CVE-2025-13667

The WP Recipe Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Skill Level' input field in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated...

CVE-2025-13667

The WP Recipe Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Skill Level' input field in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated...

CVE-2025-13667 WP Recipe Manager <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Skill Level' Input Field

The WP Recipe Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Skill Level' input field in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated...

CVE-2025-13667 WP Recipe Manager <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Skill Level' Input Field

The WP Recipe Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Skill Level' input field in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated...

CVE-2025-13667

CVE-2025-13667 affects WP Recipe Manager for WordPress (

WordPress plugin WP Recipe Manager 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripti...

PT-2026-1603

Name of the Vulnerable Software and Affected Versions WP Recipe Manager plugin for WordPress versions prior to 1.0.1 Description The WP Recipe Manager plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping on...

WordPress WP Recipe Manager plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Skill Level' Input Field vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'Skill Level' Input Field vulnerability discovered by ChamlaVic in WordPress Plugin WP Recipe Manager versions = 1.0.0...

Siemens Energy PLUSCONTROL 1st Gen

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: PLUSCONTROL Vulnerability: Predictable Exact Value from Previous Values 2. RISK EVALUATION Successful exploitation of this vulnerability could affect integrity of TCP...

Hitachi ABB Power Grids Ellipse EAM

1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Hitachi ABB Power Grids Equipment: Ellipse EAM Vulnerabilities: Cross-site Scripting, User Interface Misrepresentation of Critical Information 2. RISK EVALUATION Successful exploitation of these...

Siemens SIMARIS Configuration (Update A)

1. EXECUTIVE SUMMARY CVSS v3 4.4 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: SIMARIS configuration Vulnerability: Incorrect Default Permissions 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-040-08 Siemens SIMARIS...

WAGO M&M Software fdtCONTAINER (Update C)

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low skill level to exploit Vendor: M&M Software GmbH, a subsidiary of WAGO Kontakttechnik Equipment: fdtCONTAINER Vulnerability: Deserialization of Untrusted Data 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...

Advantech WebAccess Node

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Advantech Equipment: WebAccess Node Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate their...

Siemens Opcenter Execution Core (Update B)

1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Opcenter Execution Core --------- Begin Update B Part 1 of 5 --------- Vulnerabilities: Cross-site Scripting, SQL Injection, Improper Access Control, Insufficiently Protected...

Rockwell Automation FactoryTalk View SE

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low skill level to exploit Vendor: Rockwell Automation Equipment: FactoryTalk View SE Vulnerabilities: Cleartext Storage of Sensitive Information, Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead...

Fazecast jSerialComm

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Fazecast Equipment: jSerialComm Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code on a...

Siemens RUGGEDCOM, SCALANCE, SIMATIC, SINEMA (Update B)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment : RUGGEDCOM, SCALANCE, SIMATIC, SINEMA Vulnerabilities: Uncontrolled Resource Consumption, Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to...

ICSA-20-063-02_PHOENIX CONTACT Emalytics Controller ILC

1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Phoenix Contact Equipment: Emalytics Controller ILC 2050 BIL Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability...

Honeywell NOTI-FIRE-NET Web Server (NWS-3)

1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Honeywell Equipment: NOTI-FIRE-NET Web Server NWS-3 Vulnerabilities: Authentication Bypass by Capture-replay, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities...