18 matches found
EUVD-2026-8613
Mercator is an open source web application designed to enable mapping of information systems. A stored Cross-Site Scripting (XSS) vulnerability exists in Mercator prior to version 2026.02.22 due to the use of unescaped Blade directives ({!! !!}) in display templates. An authenticated user with the User...
EUVD-2022-30267
Malicious code in bioql PyPI...
EUVD-2022-37759
Malicious code in bioql PyPI...
EUVD-2022-33786
Malicious code in bioql PyPI...
EUVD-2022-33780
Malicious code in bioql PyPI...
Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)
Summary: The Home Preference page exposes a small list of nginx settings such as Nginx Access Log Path and Nginx Error Log Path. However, the API also exposes testconfigcmd, reloadcmd and restartcmd. While the UI doesn't allow users to modify any of these settings, it is possible to do so by sendi...
CVE-2022-33960 WordPress Social Share Buttons by Supsystic plugin <= 2.2.3 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities
Multiple Authenticated subscriber or higher user role SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress...
CVE-2022-29452
Authenticated editor or higher user role Stored Cross-Site Scripting (XSS) vulnerability in Export All URLs plugin <= 4.1 at WordPress...
CVE-2022-29443
Multiple Authenticated contributor or higher user role Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark's Hotel Booking plugin <= 3.0 at WordPress...
CVE-2022-29438
Authenticated author or higher user role Persistent Cross-Site Scripting (XSS) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress...
CVE-2021-36833
Authenticated admin or higher user role Stored Cross-Site Scripting (XSS) vulnerability in ibericode's MC4WP plugin <= 4.8.6 at WordPress...
CVE-2021-36912 Andrea Pernici News Sitemap for Google plugin <= 1.0.16 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin <= 1.0.16 on WordPress, attackers must have contributor or higher user role...
Cross site scripting
Authenticated admin user role Stored Cross-Site Scripting (XSS) in WP-Appbox WordPress plugin <= 4.3.20...
CVE-2021-36910 WordPress WP-Appbox plugin <= 4.3.20 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated admin user role Stored Cross-Site Scripting (XSS) in WP-Appbox WordPress plugin <= 4.3.20...
CVE-2021-36851 WordPress Testimonial Slider plugin <= 3.5.8.3 - Cross-Site Scripting (XSS) vulnerability
Authenticated editor or higher user role Cross-Site Scripting (XSS) vulnerability in Web-Settler Testimonial Slider – Free Testimonials Slider Plugin WordPress plugin via parameters mpsppostsbgcolor, mpsppostsdescriptioncolor, mpspslidenavbuttoncolor...
CVE-2021-23209 WordPress AMP for WP – Accelerated Mobile Pages plugin <= 1.0.77.32 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated admin user role Persistent Cross-Site Scripting (XSS) vulnerabilities discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin versions <= 1.0.77.32...
Stock in & out <= 1.0.4 - Authenticated SQL Injection
The plugin lacks proper sanitization before passing variables to an SQL request, making it vulnerable to SQL Injection attacks. Users with a role of contributor or higher can exploit this vulnerability. PoC...
Open Social - Moderately critical - Access bypass - SA-CONTRIB-2021-002
The Social User Export module enables users within Open Social to create an export of users and download this to a CSV file. The module doesn't sufficiently check access when building the CSV file, allowing logged-in users without the manage members permission to be able to export all data from a...