36 matches found
EUVD-2025-17153
Malicious code in bioql PyPI...
EUVD-2023-51910
Malicious code in bioql PyPI...
EUVD-2024-19854
Malicious code in bioql PyPI...
EUVD-2025-3020
Malicious code in bioql PyPI...
CVE-2025-49453
Cross-Site Request Forgery CSRF vulnerability in Jatinder Pal Singh BP Profile as Homepage bp-profile-as-homepage allows Stored XSS.This issue affects BP Profile as Homepage: from n/a through = 1.1...
CVE-2025-49453
Cross-Site Request Forgery CSRF vulnerability in Jatinder Pal Singh BP Profile as Homepage bp-profile-as-homepage allows Stored XSS.This issue affects BP Profile as Homepage: from n/a through = 1.1...
CVE-2025-49453 WordPress BP Profile as Homepage plugin <= 1.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in Jatinder Pal Singh BP Profile as Homepage bp-profile-as-homepage allows Stored XSS.This issue affects BP Profile as Homepage: from n/a through = 1.1...
CVE-2025-49453
CVE-2025-49453 is a CSRF-to-Stored XSS vulnerability in the BP Profile as Homepage WordPress plugin. The connected Red Hat and vulnerability record confirm the issue affects BP Profile as Homepage up to version 1.1, with CVSSv3.1 base score 7.1 (HIGH) and a network attack vector requiring user in...
PT-2025-24271 · Unknown · Bp Profile As Homepage
Name of the Vulnerable Software and Affected Versions: BP Profile as Homepage versions 1.1 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...
WordPress plugin BP Profile as Homepage 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...
CVE-2025-22817
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Venutius BP Profile Shortcodes Extra bp-profile-shortcodes-extra allows Stored XSS.This issue affects BP Profile Shortcodes Extra: from n/a through = 2.6.0...
CVE-2024-22293
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Andrea Tarantini BP Profile Search allows Reflected XSS.This issue affects BP Profile Search: from n/a through 5.5...
CVE-2025-22817
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Venutius BP Profile Shortcodes Extra bp-profile-shortcodes-extra allows Stored XSS.This issue affects BP Profile Shortcodes Extra: from n/a through = 2.6.0...
CVE-2025-22817 WordPress BP Profile Shortcodes Extra plugin <= 2.6.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Venutius BP Profile Shortcodes Extra bp-profile-shortcodes-extra allows Stored XSS.This issue affects BP Profile Shortcodes Extra: from n/a through = 2.6.0...
CVE-2025-22817
CVE-2025-22817 is an authenticated Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin BP Profile Shortcodes Extra. Affected versions are reported as from n/a through 2.6.0. The issue stems from improper neutralization of input during web page generation, enabling stored XSS. ...
WordPress plugin BP Profile Shortcodes Extra 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...
CVE-2024-7850
The BP Profile Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.7.5. This is due to missing or incorrect nonce validation on the bpsajaxfieldselector, bpsajaxtemplateoptions, and bpsajaxfieldrow functions. This makes it possible for...
WordPress plugin BP Profile Search 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress BP Profile Search Plugin <= 5.7.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software BP Profile Search Type Plugin Vulnerable versions = 5.7.5 Fixed in 5.8 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-7850 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID c231ea7c4aad Credits vgo0 Required...
CVE-2024-22293
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Andrea Tarantini BP Profile Search allows Reflected XSS.This issue affects BP Profile Search: from n/a through 5.5...