284 matches found
CVE-2025-13656 Cute News Ticker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute
The Cute News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
WordPress Cute News Ticker plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'color' Shortcode Attribute vulnerability discovered by ChamlaVic in WordPress Plugin Cute News Ticker versions = 1.0...
WordPress plugin Cute News Ticker 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Malicious code in exact-ticker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d73836084382b05119a191e8cca9859cc6d1233d4438d1d89b016447c822b7a3 The package exact-ticker was found to contain malicious code. Source: ghsa-malware f79afea8081e5bfa7bd2122f78ff54b8eccb0c1516de1a9c14a19a3ca7d2ffa6 A...
EUVD-2025-198652
Malicious code in exact-ticker npm...
MAL-2025-190697 Malicious code in exact-ticker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d73836084382b05119a191e8cca9859cc6d1233d4438d1d89b016447c822b7a3 The package exact-ticker was found to contain malicious code. Source: ghsa-malware f79afea8081e5bfa7bd2122f78ff54b8eccb0c1516de1a9c14a19a3ca7d2ffa6 A...
CVE-2025-11804
The JB News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'jbticker' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-11804
The JB News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'jbticker' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-11804
CVE-2025-11804 affects the WordPress plugin JB News Ticker. The vulnerability is a Stored Cross-Site Scripting flaw exploitable via the id attribute of the jbticker shortcode, present in all versions up to 1.0. It requires authenticated access at contributor level or higher, enabling an attacker ...
CVE-2025-11804 JB News Ticker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The JB News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'jbticker' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
WordPress plugin JB News Ticker 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
WordPress JB News Ticker plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin JB News Ticker versions = 1.0...
WordPress Any News Ticker plugin cross-site scripting vulnerability
WordPress Any News Ticker plugin is a functional plugin for adding dynamic scrolling news tickers to your website. WordPress Any News Ticker plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of any-ticker, which can...
EUVD-2008-6118
Malware in sbrugna...
EUVD-2012-2065
Malware in sbrugna...
EUVD-2023-31362
Malicious code in bioql PyPI...
EUVD-2024-45630
Malicious code in bioql PyPI...
EUVD-2024-22456
Malicious code in bioql PyPI...
EUVD-2023-44805
Malicious code in bioql PyPI...