26 matches found
EUVD-2016-1920
Malware in sbrugna...
EUVD-2016-1968
Malware in sbrugna...
EUVD-2017-9663
Malware in sbrugna...
EUVD-2022-38827
Malicious code in bioql PyPI...
WordPress A/B Testing for WordPress plugin cross-site scripting vulnerability
WordPress A/B Testing for WordPress plugin is a plugin for A/B testing in WordPress websites, which is mainly used to help optimize website conversions by comparing the effects of different page elements such as titles, button colors, content, etc. The WordPress A/B Testing for WordPress plugin...
CVE-2025-4587
The A/B Testing for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ab-testing-for-wp/ab-test-block' block in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on the 'id' parameter. This makes it...
WordPress A/B Testing for WordPress plugin <= 1.18.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Chuck in WordPress Plugin A/B Testing for WordPress versions <= 1.18.2...
CVE-2025-4587 A/B Testing for WordPress <= 1.18.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The A/B Testing for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ab-testing-for-wp/ab-test-block' block in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on the 'id' parameter. This makes it...
Malicious code in kwp-a-b-testing (npm)
The package communicates with a domain associated with malicious activity...
CVE-2024-13868
The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2022-36065
GrowthBook is an open-source platform for feature flagging and A/B testing. With some self-hosted configurations in versions prior to 2022-08-29, attackers can register new accounts and upload files to arbitrary directories within the container. If the attacker uploads a Python script to the righ...
Google Search user interface: A/B testing shows security concerns remain
For the past few days, Google has been A/B testing some subtle visual changes to its user interface for the search results page. You may only get the new UI for certain types of searches or based on your current geolocation. This test is not to be confused with but could be part of a previously...
CVE-2023-46746
CVE-2023-46746 concerns PostHog (self-hosted) where a server-side request forgery (SSRF) vulnerability could be exploited by authenticated users. The root cause is that PostHog did not verify whether a URL is local when enabling webhooks, allowing an authenticated user to forge a POST request. Th...
CVE-2023-37891
Cross-Site Request Forgery (CSRF) vulnerability in OptiMonk OptiMonk: Popups, Personalization & A/B Testing plugin = 2.0.4 versions...
WordPress Nugget by Ingot: Easy, automated and native A/B testing for everyone Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: Nugget by Ingot: Easy, automated and native A/B testing for everyone; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID...
Better A/B Testing with EdgeWorkers + EdgeKV
Learn how to use Akamai EdgeWorkers and EdgeKV to create easy-to-control A/B tests...
CVE-2022-36065
GrowthBook (self-hosted) prior to 2022-08-29 is affected by an account creation and arbitrary file-upload vulnerability that can lead to remote code execution if a Python script is uploaded to an arbitrary directory inside the container. Exploitation requires all of: self-hosted deployment (Growt...
CVE-2022-36065 GrowthBook account creation and file upload vulnerability in self-hosted configurations
GrowthBook is an open-source platform for feature flagging and A/B testing. With some self-hosted configurations in versions prior to 2022-08-29, attackers can register new accounts and upload files to arbitrary directories within the container. If the attacker uploads a Python script to the righ...
WordPress "Nugget by Ingot: Easy, automated and native A/B testing for everyone" plugin <= 1.0.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress "Nugget by Ingot: Easy, automated and native A/B testing for everyone" plugin versions <= 1.0.0. Solution: No patched version available...