77 matches found
EUVD-2018-10077
Malware in sbrugna...
EUVD-2025-8058
Malicious code in bioql PyPI...
EUVD-2025-2904
Malicious code in bioql PyPI...
CVE-2024-13731
The Alert Box Block – Display notice/alerts in the front end. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Alert Box block in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2024-13731 Alert Box Block – Display notice/alerts in the front end <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Alert Box Block
The Alert Box Block – Display notice/alerts in the front end. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Alert Box block in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2024-13731
CVE-2024-13731 – The Alert Box Block plugin for WordPress (all versions up to 1.1.3) is affected by a Stored XSS due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject scripts on...
WordPress plugin Alert Box Block 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin Alert B...
WordPress Alert Box Block – Display notice/alerts in the front end plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by WordFence in WordPress Plugin Alert Box Block – Display notice/alerts in the front end versions = 1.1.3...
CVE-2025-22675
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Alert Box Block – Display notice/alerts in the front end alert-box-block allows Stored XSS.This issue affects Alert Box Block – Display notice/alerts in the front end: from n/a through =...
CVE-2025-22675
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Alert Box Block – Display notice/alerts in the front end alert-box-block allows Stored XSS.This issue affects Alert Box Block – Display notice/alerts in the front end: from n/a through =...
CVE-2025-22675 WordPress Alert Box Block plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Alert Box Block – Display notice/alerts in the front end alert-box-block allows Stored XSS.This issue affects Alert Box Block – Display notice/alerts in the front end: from n/a through =...
CVE-2025-22675 WordPress Alert Box Block plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Alert Box Block – Display notice/alerts in the front end allows Stored XSS. This issue affects Alert Box Block – Display notice/alerts in the front end: from n/a through 1.1.0...
CVE-2025-22675
CVE-2025-22675 corresponds to a stored XSS vulnerability in the WordPress plugin Alert Box Block – Display notice/alerts in the front end, exploitable via improper input neutralization during page generation. Affected versions are <= 1.1.0. The vulnerability is confirmed in multiple sources; P...
WordPress plugin Alert Box Block 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin Alert B...
PT-2025-4616 · WordPress · Bplugins Alert Box Block
Name of the Vulnerable Software and Affected Versions: bPlugins Alert Box Block – Display notice/alerts in the front end versions 1.1.0 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows stored Cross-site Scripting XSS. This...
WordPress Alert Box Block plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Pham Van Tam Patchstack Alliance in WordPress Plugin Alert Box Block – Display notice/alerts in the front end versions = 1.1.0...
Gitea 1.22.0 - Stored XSS
Exploit Title: Stored XSS in Gitea Date: 27/08/2024 Exploit Authors: Catalin Iovita & Alexandru Postolache Vendor Homepage: https://github.com/go-gitea/gitea Version: 1.22.0 Tested on: Linux 5.15.0-107, Go 1.23.0 CVE: CVE-2024-6886 Vulnerability Description Gitea 1.22.0 is vulnerable to a Stored...
CMS Made Simple 2.2.19 Cross Site Scripting Vulnerability
Exploit Title: CMS Made Simple Version: 2.2.19 - Stored XSS Exploit Author: tmrswrr Vendor Homepage: https://www.cmsmadesimple.org/ Version: 2.2.19 Tested on: https://www.softaculous.com/demos/CMSMadeSimple 1 log in as admin and go to Content File Manager 2 Write in New directory: place payload "...
Popup Box Pro < 7.9.0 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Create/edit a new popup and add the following payload in the Custom Content: alert1; Save,...
User Activity Log Pro < 2.3.4 - Unauthenticated Stored Cross-Site Scripting via User Agent
Description The plugin does not properly escape recorded User-Agents in the user activity logs dashboard, which may allow visitors to conduct Stored Cross-Site Scripting attacks. 1 Make sure the plugin's Enable User Agent For Log setting is set at /wp-admin/admin.php?page=ualpsettings 2 If you're...