Lucene search

34 matches found

EUVD
added 2026/03/26 6:30 a.m., 4 views

EUVD-2026-16098

The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sdc_menu' shortcode in all versions up to, and including, 2.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'text' an...

CVSS 6.4, AI score 6, EPSS 0.00239
Exploits: 0, References: 11

CVE
added 2026/03/26 3:37 a.m., 4 views

CVE-2026-4278

The CVE-2026-4278 entry concerns the WordPress plugin Simple Download Counter, vulnerable to Stored Cross-Site Scripting via the sdc_menu shortcode in versions up to 2.3. The root cause is insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically text...

CVSS 6.4, AI score 6, EPSS 0.00239
Exploits: 0, References: 10

Vulnrichment
added 2026/03/26 3:37 a.m., 2 views

CVE-2026-4278 Simple Download Counter <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'text' Shortcode Attribute

The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sdc_menu' shortcode in all versions up to, and including, 2.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'text' an...

CVSS 6.4, AI score 6, EPSS 0.00239
Exploits: 0, References: 10

Cvelist
added 2026/03/21 3:26 a.m., 25 views

CVE-2026-4086 WP Random Button <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'cat' Shortcode Attribute

The WP Random Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cat', 'nocat', and 'text' shortcode attributes of the 'wp_random_button' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on...

CVSS 6.4, EPSS 0.00193
Exploits: 0, References: 5

CVE
added 2026/03/21 3:26 a.m., 6 views

CVE-2026-4086

The CVE concerns the WP Random Button WordPress plugin (versions up to 1.0). It is vulnerable to Stored Cross-Site Scripting via the wp_random_button shortcode attributes cat, nocat, and text. The root cause is insufficient input sanitization and output escaping: the random_button_html() function...

CVSS 6.4, AI score 6, EPSS 0.00193
Exploits: 0, References: 5

Positive Technologies
added 2026/03/21 12:0 a.m., 2 views

PT-2026-26875

The WP Random Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cat', 'nocat', and 'text' shortcode attributes of the 'wp_random_button' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on...

CVSS 6.4, AI score 6, EPSS 0.00193
Exploits: 0, References: 6

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2008-1432

Malware in sbrugna...

CVSS 4.3, AI score 6.1, EPSS 0.01022
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-2429

Malicious code in bioql PyPI...

CVSS 6.4, AI score 6.7, EPSS 0.00466
Exploits: 0, References: 3

Debian CVE
added 2024/07/11 5:8 p.m., 11 views

CVE-2024-6485

A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribut...

CVSS 6.4, AI score 6.6, EPSS 0.00466
Exploits: 0

CNNVD
added 2023/05/10 12:0 a.m., 2 views

WordPress plugin Update Image Tag Alt Attribute Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 7.1, AI score 6.9, EPSS 0.00382
Exploits: 0, References: 2

CNVD
added 2015/01/15 12:0 a.m., 2 views

Hancom Office Buffer Overflow Vulnerability

Hancom Office is an office software suite product developed by Hancom Korea. A buffer overflow vulnerability exists in Hancom Office 2010 SE, which allows remote attackers to execute arbitrary code via long strings in the text attribute of a TEXTART XML element in an hml file...

CVSS 7.5, AI score 8.3, EPSS 0.0698
Exploits: 0, References: 1

RedHat Linux
added 2013/01/24 6:7 p.m., 3 views

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors ta...

CVSS 7.5, AI score 6.5, EPSS 0.11779
Exploits: 1, References: 4

Japan Vulnerability Notes
added 2008/05/20 3:0 p.m., 2 views

w3m Vulnerability of Unauthorized Access to Files or Cookies

Overview: w3m fails to properly escape HTML tags in the ALT attribute of an IMG tag, which could allow an attacker to access files or cookies. Impact: A remote attacker could access files and cookies. Solution: Please refer to the 'Vendor Information' section for official remediation and take...

CVSS 5, AI score 6.5, EPSS 0.02027
Exploits: 0, References: 7

NVD
added 2008/03/20 6:44 p.m., 19 views

CVE-2008-1428

Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-beta7 module for Drupal allow remote attackers to inject arbitrary web script or HTML via a text attribute value for a product...

CVSS 4.3, AI score 5.6, EPSS 0.01022
Exploits: 0, References: 3