EUVD-2022-34954

Malicious code in bioql PyPI...

CVE-2022-2709

The Float to Top Button WordPress plugin through 2.3.6 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

Exploit for CVE-2025-31864

CVE-2025-31864 1️⃣ Component type WordPress plugin 2️...

CVE-2025-31864

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Out the Box Beam me up Scotty beam-me-up-scotty allows Stored XSS.This issue affects Beam me up Scotty: from n/a through = 1.0.23...

WordPress plugin Beam me up Scotty – Back to Top Button 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

CVE-2023-41733

CVE-2023-41733 affects the WordPress plugin YYDevelopment Back To The Top Button (versions 2.1.5, e.g., 2.1.7 or newer) is the recommended mitigation. If upgrading is not feasible, monitor for updates and consider compensating controls until a patch can be applied.

WordPress Back To The Top Button Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)

Software Back To The Top Button Type Plugin Vulnerable versions = 2.1.6 Fixed in 2.1.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-41733 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 476e426fa8a5 Credits Rio Darmawan...

CVE-2022-2709 Float to Top Button <= 2.3.6 - Admin+ Stored Cross-Site Scripting

The Float to Top Button WordPress plugin through 2.3.6 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress plugin Float to Top Button 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress Float to Top Button plugin <= 2.3.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Float to Top Button plugin versions = 2.3.6. Solution Deactivate and delete. This plugin has been closed as of August 15, 2022 and is not available for download. This closure is temporary,...

Float to Top Button <= 2.3.6 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the "Text for the button" or...

Float to Top Button <= 2.3.6 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the "Text for the button" or "URL ...