
20 matches found

ATTACKERKB
added 2025/12/31 8:09 p.m., 1 view

CVE-2025-50053

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nebelhorn Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App yournewsapp allows Reflected XSS. This issue affects Blappsta Mobile App Plugin – Your native, mobile iPhone App...

CVSS 7.1, AI score 5.2, EPSS 0.00025
Exploits: 0, References: 4
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2024-34092

Malicious code in bioql PyPI...

CVSS 6.1, AI score 8.9, EPSS 0.02976
Exploits: 0, References: 2
CVE
added 2025/10/03 11:17 a.m., 15 views

CVE-2025-9200

CVE-2025-9200 affects the WordPress plugin “Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App”. The issue is an unauthenticated SQL Injection via nh_ynaa_comments() present in all versions up to 0.8.8.8, caused by insufficient escaping of user-supplied input and inadequa...

CVSS 7.5, AI score 6.4, EPSS 0.001
Exploits: 0, References: 2
vulnersOsv
added 2025/09/05 8:58 p.m., 2 views

ch.epfl.bluebrain.nexus:delta-app_2.13 (>=1.10.0-M8 <=1.10.0-M13), ch.epfl.bluebrain.nexus:delta-archive-plugin_2.13 (>=1.10.0-M8 <=1.10.0-M13) +649 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_2.13 (>=3.0.0-M7 <=3.12.1)

co.fs2:fs2-io2.13 MAVEN version =3.0.0-M7, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =3.10-4b5f50b, =0.29.0, =1.0.0, =0.11.0, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-377-020cf9e and more Source cves: CVE-2025-58369 Source advisory...

CVSS 5.3, AI score 5.8, EPSS 0.00207
Exploits: 0
Patchstack
added 2025/07/23 2:39 p.m., 2 views

WordPress Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App Plugin <= 0.8.8.8 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App versions <= 0.8.8.8...

CVSS 7.1, AI score 6.2, EPSS 0.00025
Exploits: 0, Affected Software: 1
RedhatCVE
added 2025/05/23 9:04 a.m., 1 view

CVE-2024-0893

The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber access or higher, ...

CVSS 4.3, AI score 5.9, EPSS 0.00135
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 8:23 a.m., 1 view

CVE-2024-1761

The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget/block in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes such as 'buttonColor' and 'phoneNumber'. This makes it...

CVSS 6.4, AI score 5.1, EPSS 0.0022
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 5:37 a.m., 3 views

CVE-2023-26010

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPMobile.App plugin = 11.18 versions...

CVSS 5.9, AI score 5.2, EPSS 0.00207
Exploits: 0, References: 1
OSSF Malicious Packages
added 2024/10/03 10:50 a.m., 1 view

Malicious code in kupo-app-secure-store-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d04ed47c7e296896a93ec11ccbe851b0a3d33f3afe06d2aaba32be6263363a33 The OpenSSF Package Analysis project identified 'kupo-app-secure-store-plugin' @ 99.0.0 npm as malicious. It is considered malicious because: -...

AI score 6.9
Exploits: 0
NVD
added 2024/05/24 7:15 a.m., 10 views

CVE-2024-0893

The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber access or higher, ...

CVSS 4.3, AI score 4.7, EPSS 0.00135
Exploits: 0, References: 3
OSV
added 2024/05/24 7:15 a.m., 1 view

CVE-2024-0893

The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber access or higher, ...

CVSS 4.3, AI score 5.8
Exploits: 0, References: 2
Patchstack
added 2024/04/26 7:05 a.m., 4 views

WordPress WP Chat App plugin < 3.6.4 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin WP Chat App versions < 3.6.4...

CVSS 5.4, AI score 6.1, EPSS 0.00398
Exploits: 2, References: 1, Affected Software: 1
Patchstack
added 2024/04/05 7:21 a.m., 1 view

WordPress Form to Chat App plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by NGÔ THIÊN AN (Patchstack Alliance) in WordPress Plugin Form to Chat App versions <= 1.1.6...

CVSS 6.5, AI score 6.1, EPSS 0.00084
Exploits: 0, Affected Software: 1
Patchstack
added 2024/04/01 4:05 a.m., 2 views

WordPress WP Chat App plugin <= 3.6.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Block Image Attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Block Image Attribute vulnerability discovered by Ngô Thiên An (ancorn) in WordPress Plugin WP Chat App versions <= 3.6.2...

CVSS 6.4, AI score 6.5, EPSS 0.00196
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2024/03/07 12:00 a.m., 6 views

WordPress WP Chat App Plugin <= 3.6.1 is vulnerable to Cross Site Scripting (XSS)

Software: WP Chat App; Type: Plugin; Vulnerable versions: <= 3.6.1; Fixed in: 3.6.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1761; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: b848bc725213; Credits: Ngô Thiên An (ancorn); Required...

CVSS 6.4, AI score 5.7, EPSS 0.0022
Exploits: 0, References: 3, Affected Software: 1
Positive Technologies
added 2024/03/07 12:00 a.m., 1 view

PT-2024-18283 · WordPress · Wp Chat App

Name of the Vulnerable Software and Affected Versions: WP Chat App plugin for WordPress versions up to, and including, 3.6.1. Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes such as buttonColor and phoneNumber. This allows...

CVSS 6.4, AI score 6.9, EPSS 0.0022
Exploits: 0, References: 6
Cvelist
added 2024/02/12 6:46 a.m., 14 views

CVE-2023-51370 WordPress WP Chat App Plugin <= 3.4.4 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NinjaTeam WP Chat App allows Stored XSS. This issue affects WP Chat App: from n/a through 3.4.4...

CVSS 5.9, AI score 5.9, EPSS 0.00058
Exploits: 0, References: 1
Prion
added 2023/02/20 4:15 a.m., 13 views

Design/Logic Flaw

MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php...

CVSS 7.5, AI score 9.2, EPSS 0.00515
Exploits: 0, References: 3, Affected Software: 1
vulnersOsv
added 2018/10/17 4:24 p.m., 2 views

ae.vigilancer.android-run-app:ae.vigilancer.android-run-app.gradle.plugin (>=1.0.1 <=1.0.2), aero.m-click:mcpdf (>=0.2.3 <=0.2.4) +6768 more potentially affected by CVE-2016-1000342 via org.bouncycastle:bcprov-jdk15on (>=1.46 <=1.55)

org.bouncycastle:bcprov-jdk15on MAVEN version =1.46, =1.0.1, =0.2.3, =0.42.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.3 and more Source cves: CVE-2016-1000342 Source advisory: OSV:GHSA-QCJ7-G2J5-G7R3...

CVSS 7.5, AI score 7.1, EPSS 0.00471
Exploits: 0
Packet Storm
added 2016/11/07 12:00 a.m., 56 views

SweetRice 1.5.1 Cross Site Request Forgery / Cross Site Scripting

alert1' alert1 3. Xss in Page Limit: Payload should inject in cookies. Vulnerable Parameter : pagelimit Headers : GET /as/?appmode=database&plugin=App&type=plugin& HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 10.0; rv:49.0 Gecko/20100101 Firefox/49.0 Accept:...

Exploits: 0