27 matches found
@fedify/botkit (>=0.4.0-dev.177 <=0.4.0-dev.181), @fedify/botkit-sqlite (>=0.4.0-dev.177 <=0.4.0-dev.181) potentially affected by CVE-2026-34148 via @fedify/fedify (=1.10.0)
@fedify/fedify NPM version =1.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on @fedify/fedify and may be impacted: - @fedify/botkit =0.4.0-dev.177, =0.4.0-dev.177, =0.4.0-dev.181 Source cves: CVE-2026-34148 Source advisory: OSV:GHSA-GM9M-GWC4-HWGP...
@fedify/botkit (>=0.4.0-dev.182 <=0.4.0-dev.183), @fedify/botkit-sqlite (>=0.4.0-dev.182 <=0.4.0-dev.183) +1 more potentially affected by CVE-2026-34148 via @fedify/fedify (>=2.0.0 <=2.0.7)
@fedify/fedify NPM version =2.0.0, =0.4.0-dev.182, =0.4.0-dev.182, =2.0.0, =2.0.16 Source cves: CVE-2026-34148 Source advisory: SNYK:JS-FEDIFYFEDIFY-15928876...
@fedify/botkit (>=0.4.0-dev.184 <=0.4.0-dev.185), @fedify/botkit-sqlite (>=0.4.0-dev.184 <=0.4.0-dev.185) +1 more potentially affected by CVE-2026-34148 via @fedify/fedify (=2.1.0)
@fedify/fedify NPM version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on @fedify/fedify and may be impacted: - @fedify/botkit =0.4.0-dev.184, =0.4.0-dev.184, =0.4.0-dev.185 - @fedify/cli =2.1.0 Source cves: CVE-2026-34148 Source advisory:...
@fedify/botkit (>=0.4.0-dev.184 <=0.4.0-dev.185), @fedify/botkit-sqlite (>=0.4.0-dev.184 <=0.4.0-dev.185) +5 more potentially affected by CVE-2026-34148 via @fedify/vocab-runtime (=2.1.0)
@fedify/vocab-runtime NPM version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on @fedify/vocab-runtime and may be impacted: - @fedify/botkit =0.4.0-dev.184, =0.4.0-dev.184, =0.4.0-dev.185 - @fedify/cli =2.1.0 - @fedify/fedify =2.1.0 -...
@de-otio/trellis (>=0.4.0 <=0.7.1), @fedify/amqp (>=0.1.0 <=0.2.0-dev.12) +6 more potentially affected by CVE-2026-34148 via @fedify/fedify (>=1.10.0 <=1.9.2)
@fedify/fedify NPM version =1.10.0, =0.4.0, =0.1.0, =0.3.0, =0.3.0, =0.1.0, =0.2.0, =0.0.1, =0.1.0, =1.1.20 Source cves: CVE-2026-34148 Source advisory: SNYK:JS-FEDIFYFEDIFY-15928876...
@fedify/botkit (>=0.4.0-dev.184 <=0.4.0-dev.185), @fedify/botkit-sqlite (>=0.4.0-dev.184 <=0.4.0-dev.185) +5 more potentially affected by CVE-2026-34148 via @fedify/vocab-runtime (=2.1.0)
@fedify/vocab-runtime NPM version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on @fedify/vocab-runtime and may be impacted: - @fedify/botkit =0.4.0-dev.184, =0.4.0-dev.184, =0.4.0-dev.185 - @fedify/cli =2.1.0 - @fedify/fedify =2.1.0 -...
@fedify/botkit (>=0.4.0-dev.182 <=0.4.0-dev.183), @fedify/botkit-sqlite (>=0.4.0-dev.182 <=0.4.0-dev.183) +5 more potentially affected by CVE-2026-34148 via @fedify/vocab-runtime (>=2.0.0-dev.100 <=2.0.7)
@fedify/vocab-runtime NPM version =2.0.0-dev.100, =0.4.0-dev.182, =0.4.0-dev.182, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.16 Source cves: CVE-2026-34148 Source advisory: SNYK:JS-FEDIFYVOCABRUNTIME-15928877...
@fedify/botkit (>=0.4.0-dev.184 <=0.4.0-dev.185), @fedify/botkit-sqlite (>=0.4.0-dev.184 <=0.4.0-dev.185) +1 more potentially affected by CVE-2026-34148 via @fedify/fedify (=2.1.0)
@fedify/fedify NPM version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on @fedify/fedify and may be impacted: - @fedify/botkit =0.4.0-dev.184, =0.4.0-dev.184, =0.4.0-dev.185 - @fedify/cli =2.1.0 Source cves: CVE-2026-34148 Source advisory:...
@fedify/botkit (>=0.4.0-dev.177 <=0.4.0-dev.181), @fedify/botkit-sqlite (>=0.4.0-dev.177 <=0.4.0-dev.181) potentially affected by CVE-2026-34148 via @fedify/fedify (=1.10.0)
@fedify/fedify NPM version =1.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on @fedify/fedify and may be impacted: - @fedify/botkit =0.4.0-dev.177, =0.4.0-dev.177, =0.4.0-dev.181 Source cves: CVE-2026-34148 Source advisory:...
CVE-2025-13887
The AI BotKit – AI Chatbot & Live Support for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in the aibotkitwidget shortcode in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-13887
The AI BotKit – AI Chatbot & Live Support for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in the aibotkitwidget shortcode in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-13887
CVE-2025-13887 affects the WordPress plugin AI BotKit – AI Chatbot for WordPress. It is a Stored Cross-Site Scripting vulnerability via the query parameter 'id' in the ai_botkit_widget shortcode, exploitable by authenticated users with Contributor-level access and above. Affected versions: all un...
CVE-2025-13887 AI BotKit <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The AI BotKit – AI Chatbot & Live Support for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in the aibotkitwidget shortcode in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-13887 AI BotKit <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The AI BotKit – AI Chatbot & Live Support for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in the aibotkitwidget shortcode in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it...
WordPress plugin AI BotKit – AI Chatbot & Live Support for WordPress 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
WordPress AI BotKit plugin <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by theviper17y in WordPress Plugin AI BotKit versions = 1.1.7...
@fedify/botkit (>=0.3.0-dev.125 <=0.3.0-dev.131) potentially affected by CVE-2025-68475 via @fedify/fedify (=1.8.1-dev.1262)
@fedify/fedify NPM version =1.8.1-dev.1262 is affected by a known vulnerability. The following packages have a transitive dependency on @fedify/fedify and may be impacted: - @fedify/botkit =0.3.0-dev.125, =0.3.0-dev.131 Source cves: CVE-2025-68475 Source advisory: OSV:GHSA-RCHF-XWX2-HM93...
@fedify/botkit (>=0.3.0-dev.125 <=0.3.0-dev.131) potentially affected by CVE-2025-68475 via @fedify/fedify (=1.8.1-dev.1262)
@fedify/fedify NPM version =1.8.1-dev.1262 is affected by a known vulnerability. The following packages have a transitive dependency on @fedify/fedify and may be impacted: - @fedify/botkit =0.3.0-dev.125, =0.3.0-dev.131 Source cves: CVE-2025-68475 Source advisory: SNYK:JS-FEDIFYFEDIFY-14552161...
MAL-2025-16010 Malicious code in botkit-storage-mongo-updated (npm)
The package botkit-storage-mongo-updated was found to contain malicious code...
Malicious code in botkit-storage-mongo-updated (npm)
The package botkit-storage-mongo-updated was found to contain malicious code...