19 matches found
CVE-2019-12479
An issue was discovered in 20|20 Storage 2.11.0. A Path Traversal vulnerability in the TwentyTwenty.Storage library in the LocalStorageProvider allows creating and reading files outside of the specified basepath. If the application using this library does not sanitize user-supplied filenames, the...
EUVD-2019-4075
Malware in sbrugna...
EUVD-2025-2824
Malicious code in bioql PyPI...
CVE-2025-22546
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Obaid Hossain jQuery TwentyTwenty js-twentytwenty allows Stored XSS. This issue affects jQuery TwentyTwenty: from n/a through <= 1.0...
CVE-2025-22546
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Obaid Hossain jQuery TwentyTwenty js-twentytwenty allows Stored XSS. This issue affects jQuery TwentyTwenty: from n/a through <= 1.0...
CVE-2025-22546 WordPress jQuery TwentyTwenty plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Obaid Hossain jQuery TwentyTwenty js-twentytwenty allows Stored XSS. This issue affects jQuery TwentyTwenty: from n/a through <= 1.0...
CVE-2025-22546 WordPress jQuery TwentyTwenty plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Obaid Hossain jQuery TwentyTwenty js-twentytwenty allows Stored XSS. This issue affects jQuery TwentyTwenty: from n/a through <= 1.0...
CVE-2025-22546
CVE-2025-22546 is an explicit Stored XSS in jQuery TwentyTwenty (WordPress plugin) due to improper input neutralization during web page generation. The affected product is jQuery TwentyTwenty (WordPress plugin) up to version 1.0, with a CVSS 3.1 base score of 6.5 (Medium); attack vector Network, ...
WordPress jQuery TwentyTwenty plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin jQuery TwentyTwenty (versions <= 1.0)...
PT-2025-4537 · Unknown · Jquery Twentytwenty
Name of the Vulnerable Software and Affected Versions: jQuery TwentyTwenty versions n/a through 1.0. Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that an attacker can inject malicious...
CVE-2024-11352
The TwentyTwenty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'twentytwenty' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-11352 TwentyTwenty <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The TwentyTwenty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'twentytwenty' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
PT-2024-16927 · WordPress · Twentytwenty
Name of the Vulnerable Software and Affected Versions: TwentyTwenty plugin for WordPress versions up to, and including, 1.0.1. Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'twentytwenty' shortcode due to insufficient input sanitization and output escaping on...
WordPress plugin TwentyTwenty cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress TwentyTwenty plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by yudha in WordPress Plugin TwentyTwenty (versions <= 1.0.1)...
Malicious code in twentytwenty (npm)
Source: ossf-package-analysis 0b5cb94b4e758aaabd499e42ac5e149391b5f11597501e5df504661a2d633122 The OpenSSF Package Analysis project identified 'twentytwenty' @ 1.9.1 npm as malicious. It is considered malicious because: - The package...
MAL-2023-7922 Malicious code in twentytwenty (npm)
Source: ossf-package-analysis 0b5cb94b4e758aaabd499e42ac5e149391b5f11597501e5df504661a2d633122 The OpenSSF Package Analysis project identified 'twentytwenty' @ 1.9.1 npm as malicious. It is considered malicious because: - The package...
Debian DSA-5279-1 : wordpress - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5279 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. The...
CVE-2019-12479
An issue was discovered in 20|20 Storage 2.11.0. A Path Traversal vulnerability in the TwentyTwenty.Storage library in the LocalStorageProvider allows creating and reading files outside of the specified basepath. If the application using this library does not sanitize user-supplied filenames, the...