229 matches found
WordPress Bulma Shortcodes plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Bulma Shortcodes plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-suppli...
CVE-2025-11802
The Bulma Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' shortcode attribute in the bulma-notification shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-11802
The Bulma Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' shortcode attribute in the bulma-notification shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for...
EUVD-2025-198395
The Bulma Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' shortcode attribute in the bulma-notification shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-11802 Bulma Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Bulma Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' shortcode attribute in the bulma-notification shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-11802
Summary of CVE-2025-11802. The Bulma Shortcodes plugin for WordPress is affected by a Stored Cross-Site Scripting (XSS) vulnerability via the type attribute of the bulma-notification shortcode. This applies to all versions up to and including 1.0. authenticated attackers with Contributor+ privile...
CVE-2025-11802 Bulma Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Bulma Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' shortcode attribute in the bulma-notification shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2025-47686
The Bulma Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' shortcode attribute in the bulma-notification shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress plugin Bulma Shortcodes 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Bulma Shortcodes plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-suppli...
WordPress Bulma Shortcodes plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Bulma Shortcodes versions = 1.0...
EUVD-2025-180374
Malicious code in aquarius-jsonp-technocracy-bulma npm...
Malicious code in bulma-equinox-build-nova (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 936f198e0e70f653d369a2d4c68b7759255a33a0397ab6045251c30465cc7e9a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185932 Malicious code in bulma-equinox-build-nova (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 936f198e0e70f653d369a2d4c68b7759255a33a0397ab6045251c30465cc7e9a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-178976
Malicious code in exoplanet-string-bulma-tardigrade npm...
EUVD-2025-179945
Malicious code in bulma-titan-axios-ariel npm...
EUVD-2025-179949
Malicious code in bulma-interferometry-mesosphere-jabbah npm...
EUVD-2025-177243
Malicious code in perturbation-bulma-mensa-eventhoriz npm...
EUVD-2025-180281
Malicious code in astrophysics-extremophile-library-bulma npm...
MAL-2025-185893 Malicious code in bootstrap-solis-bulma-zooarchaeology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd3c4b90b728e10c24b350f3bbaa8da21ea46f25f548e1c3a7dbb67672704c24 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-176816
Malicious code in radiant-relay-castor-bulma npm...