2673 matches found
CVE-2025-58666 WordPress Website Chat Button: Kommo integration Plugin <= 1.3.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Kommo Website Chat Button: Kommo integration website-chat-button-kommo-integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Website Chat Button: Kommo integration: from n/a through <= 1.3.1...
WordPress plugin Website Chat Button Kommo integration security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers. WordPress...
WordPress plugin Podlove Subscribe button cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-38955
Name of the Vulnerable Software and Affected Versions: Kommo Website Chat Button versions through 1.3.1. Description: An authorization issue exists in the Kommo Website Chat Button integration, allowing exploitation due to incorrectly configured access control security levels. Recommendations: Update...
PT-2025-38892
Name of the Vulnerable Software and Affected Versions: Podlove Subscribe button versions through 1.3.11. Description: The Podlove Subscribe button software contains a flaw related to improper input handling during web page generation, specifically a Stored Cross-site Scripting issue. This allows for...
Google Pay, Drug Bots, and SIM Swaps: How Old Leaks and New Vulnerabilities Power Attacks
It starts with something simple: a CAPTCHA box on your screen. You type the number you see, because of course you do. That’s what humans do online. But what if that “CAPTCHA” wasn’t a CAPTCHA at all? In this post, I’ll walk you through how old data leaks, lazy telecom verification, and a...
Linux Distros Unpatched Vulnerability : CVE-2018-19877
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field. CVE-2018-19877 Note that Nessus relies on the presence of the package ...
Cross-Site Scripting (XSS)
Bootstrap is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of the data-loading-text attribute in the button plugin, which allows an attacker to inject and execute malicious JavaScript when the button’s loading state is triggered...
CVE-2025-9849
The Html Social share buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zmshbtn' shortcode in all versions up to, and including, 2.1.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
TOTOLINK A702R /boafrm/formOneKeyAccessButton File Buffer Overflow Vulnerability
TOTOLINK A702R is a wireless router device manufactured by China's Gion Electronics TOTOLINK, mainly used for home network connection and signal coverage. The TOTOLINK A702R suffers from a buffer overflow vulnerability that originates from the parameter submit-url in file...
CVE-2025-9782
CVE-2025-9782 affects TOTOLINK A702R firmware version 4.0.0-B20211108.1423. The issue is in the function sub_4466F8 of the file /boafrm/formOneKeyAccessButton, where manipulating the submit-url argument can cause a buffer overflow. This vulnerability can be exploited remotely, and public PoC/expl...
CVE-2025-48320
Cross-Site Request Forgery (CSRF) vulnerability in cuckoohello 百度分享按钮 baidushare-wp allows Stored XSS. This issue affects 百度分享按钮: from n/a through <= 1.0.6...
CVE-2025-48320 WordPress 百度分享按钮 plugin <= 1.0.6 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in cuckoohello 百度分享按钮 allows Stored XSS. This issue affects 百度分享按钮: from n/a through 1.0.6...
CVE-2025-48320
CVE-2025-48320 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin 百度分享按钮 (WordPress Baidu Share Button) that enables stored XSS. The issue affects the plugin versions from at least the earliest public disclosure up to version 1.0.6. The CVE notes the vulnerabilit...
CVE-2025-48320 WordPress 百度分享按钮 plugin <= 1.0.6 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in cuckoohello 百度分享按钮 baidushare-wp allows Stored XSS. This issue affects 百度分享按钮: from n/a through <= 1.0.6...
PT-2025-35008
Cross-Site Request Forgery (CSRF) vulnerability in cuckoohello 百度分享按钮 allows Stored XSS. This issue affects 百度分享按钮: from n/a through 1.0.6...
WordPress plugin 百度分享按钮 cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Bai...
MAL-2025-41894 Malicious code in @espace-client-axafr/round-button (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in @espace-client-axafr/round-button (npm)
The package communicates with a domain associated with malicious activity...
WordPress 百度分享按钮 plugin <= 1.0.6 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien (Patchstack Alliance) in WordPress Plugin 百度分享按钮 versions <= 1.0.6...