1566 matches found
CVE-2024-13862
The S3Bubble Media Streaming AWS|Elementor|YouTube|Vimeo Functionality WordPress plugin through 8.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-13836
The WP Login Control WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-13864
CVE-2024-13864 affects the WordPress plugin Countdown Timer (pre-1.0) and is caused by insufficient sanitization/escaping of a parameter when outputting it on the page, enabling a reflected XSS. The vulnerability targets high-privilege users (admin) and could compromise their session/credentials ...
CVE-2024-13864 Countdown Timer <= 1.0 - Reflected XSS
The Countdown Timer WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-13853
The CVE-2024-13853 entry concerns the WordPress SEO Tools plugin (version up to 4.0.7). Affected component: rssread.php parameter handling of the 'src' parameter, where improper sanitisation/escaping allows reflected cross-site scripting. This could let an attacker execute arbitrary JavaScript in...
CVE-2024-13615 Social Media Plugin by Social Snap <= 1.3.6 - Admin+ Stored XSS
The Social Share Buttons, Social Sharing Icons, Click to Tweet — Social Media Plugin by Social Snap WordPress plugin through 1.3.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the...
CVE-2025-1363 easy-broken-link-checker <= 9.0.2 - Admin+ Stored XSS
The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is...
CVE-2024-13825 Email Keep <= 1.1 - Reflected XSS
The Email Keep WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2025-27647
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Addition of Partial Admin Users Without Authentication V-2024-002...
CVE-2024-13868
The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-13868
CVE-2024-13868 concerns the URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin (
RSUPPORT RemoteView Agent security vulnerability
RSUPPORT RemoteView Agent is a remote control agent program from RSUPPORT Japan. A security vulnerability exists in RSUPPORT RemoteView Agent versions prior to v8.1.5.2, which stems from incorrect access privileges to specific services, and could cause a non-administrative user to execute arbitra...
Magento LTS vulnerable to stored XSS in theme config fields
As reported by Aakash Adhikari, GitHub: @justlife4x4, the Design Themes Skin Images / CSS config field allows a Stored XSS when it contains an end script tag. Impact: A malicious user with access to this configuration field could use a Stored XSS to affect other authenticated admin users in the...
GHSA-5PXH-89CX-4668 Magento LTS vulnerable to stored XSS in theme config fields
As reported by Aakash Adhikari, GitHub: @justlife4x4, the Design Themes Skin Images / CSS config field allows a Stored XSS when it contains an end script tag. Impact: A malicious user with access to this configuration field could use a Stored XSS to affect other authenticated admin users in the...
CVE-2024-13628
The WP Pricing Table WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-13624
The WPMovieLibrary WordPress plugin through 2.1.4.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-13669
The CalendApp WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...