29 matches found
EUVD-2023-28036
Malicious code in bioql PyPI...
EUVD-2023-27953
Malicious code in bioql PyPI...
EUVD-2023-28068
Malicious code in bioql PyPI...
EUVD-2023-28066
Malicious code in bioql PyPI...
CVE-2023-23870
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in wpdevart Responsive Vertical Icon Menu plugin = 1.5.8 versions...
CVE-2023-23972
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Smplug-in Social Like Box and Page by WpDevArt plugin = 0.8.39 versions...
CVE-2023-24004
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPdevart Image and Video Lightbox, Image PopUp plugin = 2.1.5 versions...
CVE-2023-46075
Unauth. Reflected Cross-Site Scripting XSS vulnerability in wpdevart Contact Form Builder, Contact Widget plugin = 2.1.6 versions...
CVE-2023-0177
The Social Like Box and Page by WpDevArt WordPress plugin before 0.8.41 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...
CVE-2023-24002
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPdevart YouTube Embed, Playlist and Popup by WpDevArt plugin = 2.6.3 versions...
CVE-2022-0876
The Social comments by WpDevArt WordPress plugin before 2.5.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2024-10856
The Booking Calendar WpDevArt plugin is vulnerable to time-based, blind SQL injection via the id parameter in the “wpdevartbookingcalendar” shortcode in versions up to, and including, 3.2.19 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the...
CVE-2024-10856
CVE-2024-10856 affects the Booking Calendar WpDevArt plugin for WordPress, up to version 3.2.19. The flaw is a time-based, blind SQL injection via the id parameter in the shortcode wpdevart_booking_calendar, conditioned on the theme option delete_prev_date being enabled. The issue arises from ins...
CVE-2023-24002
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPdevart YouTube Embed, Playlist and Popup by WpDevArt plugin = 2.6.3 versions...
CVE-2023-24002
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPdevart YouTube Embed, Playlist and Popup by WpDevArt plugin = 2.6.3 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPdevart YouTube Embed, Playlist and Popup by WpDevArt plugin = 2.6.3 versions...
CVE-2023-24002 WordPress YouTube Embed, Playlist and Popup by WpDevArt Plugin <= 2.6.3 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPdevart YouTube Embed, Playlist and Popup by WpDevArt plugin = 2.6.3 versions...
CVE-2023-23972
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Smplug-in Social Like Box and Page by WpDevArt plugin = 0.8.39 versions...
CVE-2023-23972 WordPress Social Like Box and Page by WpDevArt Plugin <= 0.8.39 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Smplug-in Social Like Box and Page by WpDevArt plugin = 0.8.39 versions...
CVE-2023-23972 WordPress Social Like Box and Page by WpDevArt Plugin <= 0.8.39 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Smplug-in Social Like Box and Page by WpDevArt plugin = 0.8.39 versions...