106 matches found
EUVD-2024-35449
Malicious code in bioql PyPI...
EUVD-2025-17435
Malicious code in bioql PyPI...
EUVD-2025-16697
Malicious code in bioql PyPI...
EUVD-2025-2943
Malicious code in bioql PyPI...
EUVD-2025-2895
Malicious code in bioql PyPI...
CVE-2025-8902
The Widget Options - Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dosidebar' shortcode in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-8902
The Widget Options - Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dosidebar' shortcode in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-8902 Widget Options - Extended <= 5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Widget Options - Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dosidebar' shortcode in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-8902
CVE-2025-8902 refers to the WordPress plugin Widget Options - Extended . The vulnerability is a Stored Cross-Site Scripting (XSS) flaw in the plugin’s shortcodes (specifically the do_sidebar shortcode) across versions up to and including 5.2.1, caused by insufficient input sanitization and output...
CVE-2025-8902 Widget Options - Extended <= 5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Widget Options - Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dosidebar' shortcode in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin Widget Options - Extended 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Widget Options - Extended plugin <= 5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
WordPress Widget Options - Extended plugin = 5.2.1 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin Widget Options - Extended versions = 5.2.1...
CVE-2025-3581
The Newsletter WordPress plugin before 8.8.5 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtm...
CVE-2025-3581
The Newsletter WordPress plugin before 8.8.5 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtm...
CVE-2025-3581
CVE-2025-3581 affects the Newsletter WordPress plugin (versions prior to 8.8.5). The issue is a failure to validate/escape certain Widget options before output, enabling a stored XSS when the block is embedded on a page/post, potentially exploitable by high-privilege users such as admins, includi...
CVE-2025-4567
The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform...
CVE-2025-4567
The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform...
CVE-2025-4567 Post Slider and Carousel with Widget < 3.2.10 - Admin+ Stored XSS
The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform...
CVE-2025-22722
Missing Authorization vulnerability in Marketing Fire Widget Options widget-options allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widget Options: from n/a through = 4.0.8...
CVE-2024-35691
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Marketing Fire, LLC Widget Options - Extended.This issue affects Widget Options - Extended: from n/a through 5.1.0...