15 matches found
CVE-2025-14545
The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote Code Execution via the feed generation process...
EUVD-2025-209399
The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote Code Execution via the feed generation process...
CVE-2025-14545
The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote Code Execution via the feed generation process...
CVE-2025-14545
The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote Code Execution via the feed generation process...
CVE-2025-14545 YML for Yandex Market < 5.0.26 - Shop Manager+ RCE via Feed Generation
The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote Code Execution via the feed generation process...
EUVD-2024-17122
Malicious code in bioql PyPI...
EUVD-2024-49896
Malicious code in bioql PyPI...
EUVD-2023-34888
Malicious code in bioql PyPI...
CVE-2024-9378
The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 4.7.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
CVE-2024-1365
The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the feedid parameter in all versions up to, and including, 4.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
CVE-2024-9378
The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 4.7.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
PT-2024-39606 · Yandex · Yml For Yandex Market Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: YML for Yandex Market plugin for WordPress versions up to, and including, 4.7.2 Description: The issue is related to Reflected Cross-Site Scripting via the page parameter due to insufficient input sanitization and output escaping. This allows...
CVE-2024-1365
The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the feedid parameter in all versions up to, and including, 4.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
CVE-2023-30473
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Maxim Glazunov YML for Yandex Market plugin = 3.10.7 versions...
CVE-2023-30473
CVE-2023-30473 affects WordPress plugin YML for Yandex Market (author Maxim Glazunov) up to version 3.10.7, with unauthenticated reflected XSS. Patch guidance is to upgrade to 3.10.8 or later. Public sources in connected docs confirm XSS as the vulnerability class and indicate the fix/version. No...