2124 matches found
WordPress Email Encoder Bundle Plugin < 2.2.2 is vulnerable to Cross Site Scripting (XSS)
Software: Email Encoder Bundle; Type: Plugin; Vulnerable versions: < 2.2.2; Fixed in: 2.2.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4483; Patch priority: Low; CVSS severity: Low 5.9; PSID: 5d3ad3645d3e; Credits: Krugov Artyom; Require...
CVE-2024-38477
creationtimestamp | type | source
---|---|---
2024-07-17 12:43:59+00:00 | seen | https://vulnerability.circl.lu/bundle/a23cbcad-e890-4df8-8736-9332ed4c3d47
2024-10-05 20:59:37+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/8689
2024-10-06 03:39:45+00:00 | published-proof-of-concept | ...
CVE-2024-38473
creationtimestamp | type | source
---|---|---
2024-07-17 12:43:59+00:00 | seen | https://vulnerability.circl.lu/bundle/a23cbcad-e890-4df8-8736-9332ed4c3d47
2024-08-23 04:51:07+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/8332
2024-08-23 14:04:28+00:00 | published-proof-of-concept | ...
CVE-2022-48852
creationtimestamp | type | source
---|---|---
2024-07-16 16:16:58+00:00 | seen | https://t.me/cvedetector/958
2025-12-03 14:14:49+00:00 | seen | https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8
...
CVE-2022-48863
creationtimestamp | type | source
---|---|---
2024-07-16 16:16:51+00:00 | seen | https://t.me/cvedetector/954
2025-12-03 14:14:49+00:00 | seen | https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8
...
CVE-2022-48865
creationtimestamp | type | source
---|---|---
2024-07-16 16:16:50+00:00 | seen | https://t.me/cvedetector/953
2025-12-03 14:14:49+00:00 | seen | https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8
...
CVE-2022-48825
creationtimestamp | type | source
---|---|---
2024-07-16 15:26:21+00:00 | seen | https://t.me/cvedetector/937
2025-12-03 14:14:49+00:00 | seen | https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8
...
CVE-2022-48826
creationtimestamp | type | source
---|---|---
2024-07-16 15:26:11+00:00 | seen | https://t.me/cvedetector/930
2025-12-03 14:14:49+00:00 | seen | https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8
...
CVE-2023-52886
creationtimestamp | type | source
---|---|---
2024-07-16 12:55:41+00:00 | seen | https://t.me/cvedetector/927
2025-12-03 14:14:49+00:00 | seen | https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8
...
PT-2024-8105 · Unknown · Data Center Expert
Name of the Vulnerable Software and Affected Versions: Data Center Expert affected versions not specified Description: The issue is related to an improper verification of cryptographic signature, which could compromise the Data Center Expert software. This vulnerability allows an attacker to...
CVE-2024-39912 Enumeration of valid usernames in web-auth/webauthn-lib
web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. The ProfileBasedRequestOptionsBuilder method returns allowedCredentials without any credentials if no username was found...
CVE-2024-39490
creationtimestamp | type | source
---|---|---
2024-07-10 10:54:46+00:00 | seen | https://t.me/cvedetector/528
2025-12-03 14:14:49+00:00 | seen | https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8
...
MAL-2024-2229 Malicious code in down_load_epub_bindle_punk_bruja_q4lej5 (npm)
EulerOS 2.0 SP11 : gnutls (EulerOS-SA-2024-1813)
According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leadi...
EulerOS 2.0 SP11 : gnutls (EulerOS-SA-2024-1834)
According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leadi...
WordPress Widget Bundle plugin <= 2.0.0 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Widget Bundle versions <= 2.0.0...
WordPress Widget Bundle plugin <= 2.0.0 - Unauthenticated Reflected XSS vulnerability
Unauthenticated Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin Widget Bundle versions <= 2.0.0...
CVE-2024-4616
The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users...
CVE-2024-4969
The Widget Bundle WordPress plugin through 2.0.0 does not have CSRF checks when logging Widgets, which could allow attackers to make a logged-in admin enable/disable widgets via a CSRF attack...
CVE-2024-4970
The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...