EUVD-2022-55991

WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can craft URLs with XSS payloads in the tab parameter of the aawp-settings admin page to execute arbitrar...

CVE-2022-50970

WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can craft URLs with XSS payloads in the tab parameter of the aawp-settings admin page to execute arbitrar...

CVE-2022-50970

WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can craft URLs with XSS payloads in the tab parameter of the aawp-settings admin page to execute arbitrar...

WordPress plugin AAWP 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-39495

WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can craft URLs with XSS payloads in the tab parameter of the aawp-settings admin page to execute arbitrar...

EUVD-2025-10326

Malicious code in bioql PyPI...

CVE-2022-4794

The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or other files through it Reflected File Download to bypass firewall rules in companies...

CVE-2025-3432

The AAWP Obfuscator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-aawp-web' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acces...

CVE-2025-3432

CVE-2025-3432 corresponds to a stored Cross-Site Scripting vulnerability in the AAWP Obfuscator WordPress plugin. According to the connected information, the issue arises from insufficient input sanitization and output escaping in the data-aawp-web parameter, affecting all versions up to and incl...

CVE-2025-3432 AAWEP Obfuscator <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting

The AAWP Obfuscator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-aawp-web' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acces...

CVE-2025-3432 AAWEP Obfuscator <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting

The AAWP Obfuscator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-aawp-web' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acces...

PT-2025-15410 · WordPress · Aawp Obfuscator

Name of the Vulnerable Software and Affected Versions: AAWP Obfuscator plugin for WordPress versions up to, and including, 1.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping, specifically via the data-aawp-web parameter...

WordPress plugin AAWP Obfuscator 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

WordPress AAWEP Obfuscator plugin <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Pierre Rudloff in WordPress Plugin AAWP Obfuscator versions = 1.0...

CVE-2022-4794

The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or other files through it Reflected File Download to bypass firewall rules in companies...

Design/Logic Flaw

The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or other files through it Reflected File Download to bypass firewall rules in companies...

CVE-2022-4794 AAWP < 3.12.3 - Unsafe URL Handling

The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or other files through it Reflected File Download to bypass firewall rules in companies...

CVE-2022-4794 AAWP < 3.12.3 - Unsafe URL Handling

The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or other files through it Reflected File Download to bypass firewall rules in companies...

CVE-2022-4794

CVE-2022-4794 affects the WordPress plugin AAWP , prior to version 3.12.3. The root cause is unsafe URL handling that enables a Reflected File Download to load malware or files from trusted domains, bypassing some firewall rules. The vulnerability is supported by multiple sources: NVD/Red Hat ent...

WordPress AAWP Plugin < 3.12.3 is vulnerable to Other Vulnerability Type

Software AAWP Type Plugin Vulnerable versions 3.12.3 Fixed in 3.12.3 OWASP Top 10 A6: Security Misconfiguration Classification Other Vulnerability Type CVE CVE-2022-4794 Patch priority Low CVSS severity Low 3.1 Developer Claim ownership PSID 137f96d60cee Credits Daniel Ruf Required privilege...