24 matches found
CVE-2025-23933
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpfreeware WpF Ultimate Carousel wpf-ultimate-carousel allows Stored XSS.This issue affects WpF Ultimate Carousel: from n/a through = 1.0.11...
EUVD-2025-3548
Malicious code in bioql PyPI...
CVE-2023-0280
The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2025-23933
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpfreeware WpF Ultimate Carousel wpf-ultimate-carousel allows Stored XSS.This issue affects WpF Ultimate Carousel: from n/a through = 1.0.11...
CVE-2025-23933 WordPress WpF Ultimate Carousel plugin <= 1.0.11 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpfreeware WpF Ultimate Carousel wpf-ultimate-carousel allows Stored XSS.This issue affects WpF Ultimate Carousel: from n/a through = 1.0.11...
CVE-2025-23933
CVE-2025-23933 affects WpF Ultimate Carousel (WpFreeware) up to version 1.0.11 with Stored XSS due to improper input neutralization during web page generation. Public sources (Red Hat and Wordfence) confirm this vulnerability exists and is currently Unpatched; no exploitation details are provided...
CVE-2025-23933 WordPress WpF Ultimate Carousel plugin <= 1.0.11 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpfreeware WpF Ultimate Carousel wpf-ultimate-carousel allows Stored XSS.This issue affects WpF Ultimate Carousel: from n/a through = 1.0.11...
WordPress WpF Ultimate Carousel plugin <= 1.0.11 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin WpF Ultimate Carousel versions = 1.0.11...
WordPress plugin WpF Ultimate Carousel 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Ultimate Carousel For Divi Plugin < 4.5.1 is vulnerable to Cross Site Scripting (XSS)
Software Ultimate Carousel For Divi Type Plugin Vulnerable versions 4.5.1 Fixed in 4.5.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 62b9f7045643 Credits Rafie Muhammad Patchsta...
CVE-2023-0280
The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0280
The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0267
The Ultimate Carousel For WPBakery Page Builder WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...
CVE-2023-0280 Ultimate Carousel For Elementor <= 2.1.7 - Contributor+ Stored XSS
The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0267
CVE-2023-0267 affects The Ultimate Carousel For WPBakery Page Builder WordPress plugin up to version 2.6. It stems from not validating/escaping certain shortcode attributes before they are output in a page/post, enabling Stored Cross-Site Scripting for users with the contributor role or higher. P...
CVE-2023-0267 Ultimate Carousel For WPBakery Page Builder <= 2.6 - Contributor+ Stored XSS
The Ultimate Carousel For WPBakery Page Builder WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...
CVE-2023-0267 Ultimate Carousel For WPBakery Page Builder <= 2.6 - Contributor+ Stored XSS
The Ultimate Carousel For WPBakery Page Builder WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...
WordPress plugin Ultimate Carousel For WPBakery Page Builder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
PT-2023-16125 · WordPress · The Ultimate Carousel For Wpbakery Page Builder
Name of the Vulnerable Software and Affected Versions: The Ultimate Carousel For WPBakery Page Builder WordPress plugin versions through 2.6 Description: The issue concerns the failure to validate and escape certain shortcode attributes, which could allow users with the contributor role and above...
WordPress plugin Ultimate Carousel For Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...