WordPress CubeWP plugin <= 1.1.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via cubewp_shortcode_taxonomy Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via cubewpshortcodetaxonomy Shortcode vulnerability discovered by zaim in WordPress Plugin CubeWP versions = 1.1.26...

CVE-2025-8615

The CubeWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cubewpshortcodetaxonomy shortcode in all versions up to, and including, 1.1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-8615

The CubeWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cubewpshortcodetaxonomy shortcode in all versions up to, and including, 1.1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-8615

CVE-2025-8615 affects the CubeWP Framework (WordPress) and is a Stored Cross‑Site Scripting via the cubewp_shortcode_taxonomy shortcode in all versions up to and including 1.1.26. The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, enabling authe...

EUVD-2026-3142

The CubeWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cubewpshortcodetaxonomy shortcode in all versions up to, and including, 1.1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-8615 CubeWP <= 1.1.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via cubewp_shortcode_taxonomy Shortcode

The CubeWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cubewpshortcodetaxonomy shortcode in all versions up to, and including, 1.1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-8615

The CubeWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cubewpshortcodetaxonomy shortcode in all versions up to, and including, 1.1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress plugin CubeWP has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Deep Sea Electronics DSE855 安全漏洞

Deep Sea Electronics DSE855 is a USB to Ethernet communication device from Deep Sea Electronics, UK. A security vulnerability exists in the Deep Sea Electronics DSE855 versions 1.1.0 through 1.1.26, which stems from improper access control of the realtime.cgi endpoint, and could allow an attacker...

PT-2025-44641

Name of the Vulnerable Software and Affected Versions Deep Sea Electronics DSE855 versions 1.1.0 through 1.1.26 Description A flaw exists in access control within the realtime.cgi endpoint of Deep Sea Electronics devices. This allows attackers to access the admin panel and gain complete control o...

EUVD-2025-30510

Malicious code in bioql PyPI...

WordPress CubeWP Plugin <= 1.1.26 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin CubeWP versions = 1.1.26...

CVE-2025-59569

CVE-2025-59569 : Stored XSS in CubeWP (CubeWP Framework) affecting versions up to 1.1.26; exploit requires at least Contributor+ authenticated access. Patch available in 1.1.26 (CubeWP patch), per Wordfence listing of CubeWP

PT-2025-39044

Name of the Vulnerable Software and Affected Versions CubeWP versions through 1.1.26 Description The software contains a flaw related to improper input handling during web page creation, which can lead to Cross-site Scripting XSS. This specific instance is a Stored XSS issue, meaning malicious...

SUSE CVE-2017-5938

Cross-site scripting XSS vulnerability in the navpath function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the navdata name...

openSUSE Security Update : cacti and cacti-spine (openSUSE-2017-1173)

This update for cacti and cacti-spine fixes the following issues : Build version 1.1.26 - issue841: --input-fields variable not working with addgraphs.php cli - issue986: Resolve minor appearance problem on Modern theme - issue989: Resolve issue with data input method commands loosing spaces on...

MGASA-2017-0048 Updated viewvc packages fix security vulnerability

Thomas Gerbet discovered that viewvc, a web interface for CVS and Subversion repositories, did not properly sanitize user input. This problem resulted in a potential Cross-Site Scripting vulnerability CVE-2017-5938. The viewvc package has been updated to version 1.1.26 which fixes this issue...

Updated viewvc packages fix security vulnerability

Thomas Gerbet discovered that viewvc, a web interface for CVS and Subversion repositories, did not properly sanitize user input. This problem resulted in a potential Cross-Site Scripting vulnerability CVE-2017-5938. The viewvc package has been updated to version 1.1.26 which fixes this issue...

Debian: Security Advisory (DSA-2555-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

libxslt: Denial of service

Background libxslt is the XSLT C library developed for the GNOME project. XSLT is an XML language to define transformations for XML. Description An out of bounds read error has been found in libxslt/pattern.c in libxslt. Impact A remote attacker could entice a user to process an XML file using a...