12 matches found
EUVD-2025-4842
Malicious code in bioql PyPI...
CVE-2024-12005
The WP-BibTeX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the wp_bibtex_option_page function. This makes it possible for unauthenticated attackers to inject malicious web scripts...
CVE-2024-13578
The WP-BibTeX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'WpBibTeX' shortcode in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-13578 WP-BibTeX <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WP-BibTeX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'WpBibTeX' shortcode in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-13578 WP-BibTeX <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WP-BibTeX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'WpBibTeX' shortcode in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-13578
CVE-2024-13578 affects the WP-BibTeX WordPress plugin. The vulnerability is a stored XSS via the plugin’s WpBibTeX shortcode in all versions up to 3.0.1, caused by insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requires authenticated access at contri...
CVE-2024-12005
The WP-BibTeX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the wp_bibtex_option_page function. This makes it possible for unauthenticated attackers to inject malicious web scripts...
CVE-2024-12005
The WP-BibTeX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the wp_bibtex_option_page function. This makes it possible for unauthenticated attackers to inject malicious web scripts...
CVE-2024-12005
CVE-2024-12005 concerns the WP-BibTeX WordPress plugin. The linked documents confirm a Cross-Site Request Forgery weakness in all versions up to 3.0.1, caused by missing or incorrect nonce validation on the wp_bibtex_option_page() function. This vulnerability is described as enabling unauthentica...
CVE-2024-12005 WP-BibTeX <= 3.0.1 - Cross-Site Request Forgery to Stored and Reflected Cross-Site Scripting
The WP-BibTeX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the wp_bibtex_option_page function. This makes it possible for unauthenticated attackers to inject malicious web scripts...
CVE-2024-12005 WP-BibTeX <= 3.0.1 - Cross-Site Request Forgery to Stored and Reflected Cross-Site Scripting
The WP-BibTeX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the wp_bibtex_option_page function. This makes it possible for unauthenticated attackers to inject malicious web scripts...
PT-2025-1726 · WordPress · Wp-Bibtex
Name of the Vulnerable Software and Affected Versions: WP-BibTeX plugin for WordPress versions up to, and including, 3.0.1 Description: The issue is due to missing or incorrect nonce validation on the wp_bibtex_option_page function, making it possible for unauthenticated attackers to inject...