120988 matches found
WordPress WP to LinkedIn Auto Publish plugin <= 1.9.8 - Reflected Cross-Site Scripting via PostMessage vulnerability
Reflected Cross-Site Scripting via PostMessage vulnerability discovered by Nicolai Hellesnes nico in WordPress Plugin WP to LinkedIn Auto Publish versions = 1.9.8...
CVE-2025-12076
The Social Media Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage parameter in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
WordPress plugin Social Media Auto Publish 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site scripting vulnerabili...
CVE-2025-12079
The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
EUVD-2025-197966
The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-12079
The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-12079 WP Twitter Auto Publish <= 1.7.4 - Reflected Cross-Site Scripting via PostMessage
The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-12079 WP Twitter Auto Publish <= 1.7.4 - Reflected Cross-Site Scripting via PostMessage
The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
WordPress plugin WP Twitter Auto Publish 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A cross-site...
WordPress WP Twitter Auto Publish plugin <= 1.7.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nicolai Hellesnes nico in WordPress Plugin WP Twitter Auto Publish versions = 1.7.4...
Malicious code in webdriver-manager-parcel-innercore-redgiant (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2f785d53eb57cf7662b6f998c6b059fc8dab31a64d5eb9fe8f614df352667b8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in levels-lacerta-entanglement-entanglement (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16642552a6d597c86591a4a1cbb8f43b1ad3684cde6618a09349b8f72810b1d1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in chariklo-sirius-relay-leda (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36395446d117db20dfc560238e298b2ec80005ef394f3218019c4bc3463d8854 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in janus-robotics-optimize-css-assets-webpack-plugin-jovian (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0793378417a72050f4ae70f826a2da21befcf17f43ea0e8d0157e0268e5eedfe This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in less-pavo-restart-start (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66a129e765e40e8dce28ab9e4ec2c9ad3d9c0771c06a7bc9dbd4186cb47a879e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tachyon-mesosphere-spinner-pm2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0199d4ad6da5ed57f1010cac95dc16558ece4d84ae6e6c6fb857dc52e6c6370 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mocha-neptunology-flare-galaxy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6d37bf0614ce1300b08987292992ee91266002a191b2baf94fb221bc877a9b1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in gemini-gravity-xanadu-css-minimizer-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ef8b0e335c02e9e3202c8e0195d3bfd55501baef7ef0af424b6b5b8eb2310c7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in kronos-inquirer-promise-dactyl (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 061924477c364a15646e4464bbe03fb996300c139bfe1c00cc40eef390aa71a4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in gamma-integer-hash-double-tau (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68843289b91c66d58ea6949f006e97f32e4b097feb47c1b22cf3d57e75c7050a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...