EUVD-2024-32960

Malicious code in bioql PyPI...

WordPress Slickstream plugin <= 2.0.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin Slickstream versions = 2.0.3...

CVE-2025-53273 WordPress Slickstream plugin <= 2.0.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Slickstream Slickstream allows Cross Site Request Forgery. This issue affects Slickstream: from n/a through 2.0.3...

CVE-2025-53273

CVE-2025-53273 concerns the WordPress plugin Slickstream (versions n/a through 2.0.3). The vulnerability is a Cross-Site Request Forgery (CSRF) that could enable an attacker to perform unauthorized actions within a user’s authenticated session. The initial metrics indicate a CVSS v3.1 base score ...

CVE-2024-10179

The Slickstream: Engagement and Conversions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slick-grid shortcode in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-10179 Slickstream: Engagement and Conversions <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via slick-grid Shortcode

The Slickstream: Engagement and Conversions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slick-grid shortcode in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-10179 Slickstream: Engagement and Conversions <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via slick-grid Shortcode

The Slickstream: Engagement and Conversions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slick-grid shortcode in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

WordPress Slickstream plugin <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via slick-grid Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via slick-grid Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Slickstream versions = 1.4.4...

WordPress Slickstream Plugin <= 1.4.4 is vulnerable to Cross Site Scripting (XSS)

Software Slickstream Type Plugin Vulnerable versions = 1.4.4 Fixed in 2.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10179 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 483fb63a8894 Credits Peter Thaleikis Required...