📄 WordPress Contact List 3.0.17 Cross Site Scripting

WordPress Contact List plugin versions 3.0.17 and below suffer from a persistent cross site scripting vulnerability. CVE-2026-3516: Authenticated Stored Cross-Site Scripting XSS in Contact List Plugin Disclaimer: This repository is created for educational purposes and ethical disclosure only. The...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to missing capability checks in the clonebulkactionhandler and republishrequest functions. An attacker can duplicate or overwrite posts, including those they should not have access to, by sending crafted reques...

WordPress Magical Posts Display plugin <= 1.2.54 - Authenticated (Author+) Stored Cross-Site Scripting via Magical Posts Accordion Widget vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Magical Posts Accordion Widget vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Magical Posts Display versions = 1.2.54...

EUVD-2009-3916

Malware in sbrugna...

EUVD-2020-30520

Malware in sbrugna...

EUVD-2020-30521

Malware in sbrugna...

EUVD-2020-30522

Malware in sbrugna...

EUVD-2020-30514

Malware in sbrugna...

EUVD-2010-5055

Malware in sbrugna...

EUVD-2023-12782

Malicious code in bioql PyPI...

EUVD-2025-30923

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2025-58674

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WordPress allows Stored XSS. WordPress core security team is...

BIT-WORDPRESS-MULTISITE-2025-58674 WordPress <= 6.8.2 - (Author+) Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WordPress allows Stored XSS. WordPress core security team is aware of the issue and working on a fix. This is low severity vulnerability that requires an attacker to have Author or higher user...

BIT-WORDPRESS-2025-58674 WordPress <= 6.8.2 - (Author+) Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WordPress allows Stored XSS. WordPress core security team is aware of the issue and working on a fix. This is low severity vulnerability that requires an attacker to have Author or higher user...

Cross-site Scripting (XSS)

Overview johnpbloch/wordpress-core is a web software you can use to create a website or blog. Affected versions of this package are vulnerable to Cross-site Scripting XSS. An attacker can execute arbitrary scripts in the context of other users by submitting crafted input as a user with Author or...

CVE-2025-58674

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WordPress allows Stored XSS. WordPress core security team is aware of the issue and working on a fix. This is low severity vulnerability that requires an attacker to have Author or higher user...

UBUNTU-CVE-2025-58674

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WordPress allows Stored XSS. WordPress core security team is aware of the issue and working on a fix. This is low severity vulnerability that requires an attacker to have Author or higher user...

CVE-2025-58674

CVE-2025-58674 corresponds to a Stored XSS in WordPress core. Affected are WordPress versions from 4.7 through 6.8.2 and many 5.x/6.x branches listed in the entry; exploitation requires an attacker with Author or higher privileges and some user interaction. The issue is rated medium (CVSSv3.1: AV...

CVE-2025-58674

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WordPress allows Stored XSS. WordPress core security team is aware of the issue and working on a fix. This is low severity vulnerability that requires an attacker to have Author or higher user...

CVE-2025-58674 WordPress <= 6.8.2 - (Author+) Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WordPress allows Stored XSS. WordPress core security team is aware of the issue and working on a fix. This is low severity vulnerability that requires an attacker to have Author or higher user...