CVE-2025-11873

The WP BBCode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' shortcode in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

EUVD-2025-60973

The WP BBCode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' shortcode in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

CVE-2025-11873 WP BBCode <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP BBCode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' shortcode in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

CVE-2025-11873 WP BBCode <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP BBCode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' shortcode in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

WordPress WP BBCode plugin <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin WP BBCode versions = 1.8.1...

WordPress plugin WP BBCode 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site...

PT-2025-46260

Name of the Vulnerable Software and Affected Versions WP BBCode plugin for WordPress versions up to and including 1.8.1 Description The WP BBCode plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'url' shortcode. This is due to inadequate input sanitization and output...

EUVD-2005-1451

Malware in sbrugna...

EUVD-2022-48993

Malicious code in bioql PyPI...

WordPress azurecurve BBCode plugin <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via url Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin azurecurve BBCode versions = 2.0.4...

Linux Distros Unpatched Vulnerability : CVE-2012-4230

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the 1 encoding directive and 2 validelements attribute, which allow...

CVE-2022-46162

discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bccode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patch...

CVE-2022-46162

discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bccode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patch...

CVE-2022-46162 Discourse BBCode plugin vulnerable to arbitrary CSS injection

discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bccode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patch...

CVE-2022-46162 Discourse BBCode plugin vulnerable to arbitrary CSS injection

discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bccode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patch...

PT-2022-27779 · Discourse · Discourse-Bbcode

Name of the Vulnerable Software and Affected Versions: discourse-bbcode versions prior to commit 91478f5 Description: The issue affects sites with the discourse-bbcode plugin installed and enabled, allowing CSS injection when rendering content generated with the plugin. As a workaround, enabling...

UBUNTU-CVE-2012-4230

The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the 1 encoding directive and 2 validelements attribute, which allows attackers to conduct cross-site scripting XSS attacks via application-specific vectors, as demonstrated using a textarea element...

Cross site scripting

The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the 1 encoding directive and 2 validelements attribute, which allows attackers to conduct cross-site scripting XSS attacks via application-specific vectors, as demonstrated using a textarea element...

CVE-2012-4230

The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the 1 encoding directive and 2 validelements attribute, which allows attackers to conduct cross-site scripting XSS attacks via application-specific vectors, as demonstrated using a textarea element...

CVE-2012-4230

CVE-2012-4230 affects the TinyMCE 3.5.8 bbcode plugin, where the plugin does not properly enforce the security policy for two directives: (1) encoding and (2) valid_elements. This misconfiguration allows attackers to perform cross-site scripting (XSS) via application-specific vectors, demonstrate...