7 matches found
EUVD-2021-11639
Malware in sbrugna...
EUVD-2022-1500
Malicious code in bioql PyPI...
CVE-2022-0230
The Better WordPress Google XML Sitemaps WordPress plugin through 1.4.1 does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins...
CVE-2020-21845
Codoforum 4.8.3 allows HTML Injection in the 'admin dashboard Manage users Section.'...
CVE-2018-10083
CMS Made Simple CMSMS through 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard via directory traversal sequences in the val parameter within a cmd=del request, because code under modules\FilePicker does not restrict the val parameter...
PT-2023-11379 · Woocommerce · Abandoned Cart Pro For Woocommerce +1
Name of the Vulnerable Software and Affected Versions:
Abandoned Cart Lite for WooCommerce versions up to, and including, 5.1.3
Abandoned Cart Pro for WooCommerce versions up to, and including, 7.12.0
Description: The issue is related to Stored Cross-Site Scripting due to insufficient input...
NextScripts: Social Networks Auto-Poster < 4.3.24 - Unauthenticated Stored XSS
The plugin does not sanitise and escape logged requests before outputting them in the related admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting issue.
PoC: curl -H 'x-tomato: ' 'https://example.com/?nxs-cronrun=yes'
The XSS will be triggered in the Log/History dashboard...