26 matches found
EUVD-2025-1900
Malicious code in bioql PyPI...
EUVD-2025-1901
Malicious code in bioql PyPI...
EUVD-2025-11764
Malicious code in bioql PyPI...
CVE-2025-22636
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vicente Ruiz Gálvez VR-Frases vr-frases allows Reflected XSS.This issue affects VR-Frases: from n/a through = 4.0.1...
CVE-2025-22636
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vicente Ruiz Gálvez VR-Frases vr-frases allows Reflected XSS.This issue affects VR-Frases: from n/a through = 4.0.1...
CVE-2025-22636 WordPress VR-Frases plugin <= 4.0.1 - Reflected XSS to SQL Injection vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vicente Ruiz Gálvez VR-Frases vr-frases allows Reflected XSS.This issue affects VR-Frases: from n/a through = 4.0.1...
CVE-2025-22636
CVE-2025-22636 — WordPress VR-Frases plugin is a Reflected XSS vulnerability arising from improper neutralization of input during web page generation in VR-Frases (WordPress plugin). Affected: VR-Frases versions up to 3.0.1 (per CVE). Exploitation entails injecting malicious scripts via inputs re...
WordPress plugin VR-Frases 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site scripting...
WordPress VR Frases plugin < 4.0 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin VR-Frases versions 4.0...
CVE-2024-13626
The VR-Frases collect & share quotes WordPress plugin through 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-13626 VR Frases <= 3.0.1 - Reflected XSS
The VR-Frases collect & share quotes WordPress plugin through 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress plugin VR Frases 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress VR-Frases plugin <= 4.0.1 - Reflected XSS to SQL Injection vulnerability
Reflected XSS to SQL Injection vulnerability discovered by Colin Xu Patchstack Alliance in WordPress Plugin VR-Frases versions = 4.0.1...
CVE-2025-0860
The VR-Frases collect & share quotes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-0860
The VR-Frases collect & share quotes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-0861
The VR-Frases collect & share quotes plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 3.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2025-0861 VR-Frases (collect & share quotes) <= 3.0.1 - Authenticated (Admin+) SQL Injection
The VR-Frases collect & share quotes plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 3.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2025-0860 VR-Frases (collect & share quotes) <= 3.0.1 - Reflected Cross-Site Scripting
The VR-Frases collect & share quotes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-0861 VR-Frases (collect & share quotes) <= 3.0.1 - Authenticated (Admin+) SQL Injection
The VR-Frases collect & share quotes plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 3.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2025-0860
CVE-2025-0860: VR-Frases (WordPress plugin) is affected by Reflected Cross-Site Scripting in all versions up to 3.0.1 due to insufficient input sanitization and output escaping. This enables unauthenticated attackers to inject scripts into pages that execute when a user performs an action (e.g., ...