30 matches found
CVE-2026-31799 Tautulli: SQL Injection in get_home_stats API endpoint via unsanitised filter parameters
Tautulli is a Python-based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.17.0 for parameters "before" and "after" and from version 2.1.0-beta to before version 2.17.0 for parameters "section_id" and "user_id", the /api/v2?cmd=get_home_stats endpoint passe...
CVE-2026-31799
CVE-2026-31799 affects Tautulli (Python-based Plex monitor) where the /api/v2?cmd=get_home_stats endpoint passes query parameters (section_id, user_id, before, after) directly into SQL via Python %-string formatting without parameterization, from versions 2.14.2–2.16.x (before 2.17.0) for certain...
PT-2026-4585
The ThemeRuby Multi Authors – Assign Multiple Writers to Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before' and 'after' shortcode attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-9030
The Majestic Before After Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'beforelabel' and 'afterlabel' parameters in versions less than, or equal to, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-9030
CVE-2025-9030 concerns the Majestic Before After Image WordPress plugin (versions
PT-2025-40619
Name of the Vulnerable Software and Affected Versions: Majestic Before After Image plugin for WordPress versions prior to 2.0.2. Description: The software is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows authenticated attackers with...
WordPress plugin Majestic Before After Image Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
EUVD-2024-22294
Malicious code in bioql PyPI...
CVE-2025-4479
The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin image comparison widget's before/after labels in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied...
CVE-2024-24931
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in swadeshswain Before After Image Slider WP allows Stored XSS. This issue affects Before After Image Slider WP: from n/a through 2.2...
CVE-2022-4580
The Twenty20 Image Before-After WordPress plugin through 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
Exploit for Unrestricted Upload of File with Dangerous Type in Themefic Ultimate_Before_After_Image_Slider_&_Gallery
Ultimate Before After Image Slider & Gallery – BEAF 1: lo: mt...
CVE-2024-22286
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aluka BA Plus – Before & After Image Slider FREE allows Reflected XSS. This issue affects BA Plus – Before & After Image Slider FREE: from n/a through 1.0.3...
WordPress Plugin Ultimate Before After Image Slider & Gallery Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress Plugin Ultimate Before After Image Slider &...
CVE-2024-24931
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in swadeshswain Before After Image Slider WP allows Stored XSS. This issue affects Before After Image Slider WP: from n/a through 2.2...
CVE-2024-24931
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in swadeshswain Before After Image Slider WP allows Stored XSS. This issue affects Before After Image Slider WP: from n/a through 2.2...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in swadeshswain Before After Image Slider WP allows Stored XSS. This issue affects Before After Image Slider WP: from n/a through 2.2...
CVE-2024-24931
CVE-2024-24931 concerns the Before After Image Slider WP plugin (versions through 2.2) with a Stored XSS due to improper neutralization of input during web page generation. Multiple sources (Wordfence, Red Hat advisory, CVE listing, PATCHSTACK) reiterate the same: vulnerable plugin/version, Store...
CVE-2024-24931 WordPress Before After Image Slider WP Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in swadeshswain Before After Image Slider WP allows Stored XSS. This issue affects Before After Image Slider WP: from n/a through 2.2...
WordPress Plugin Before After Image Slider WP Cross Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...