2670 matches found
WordPress plugin Unlimited Elements for Elementor 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
Cross-site Scripting (XSS)
Overview mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper handling of...
CVE-2025-61642
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/CodexHTMLForm.Php, includes/htmlform/fields/HTMLButtonField.Php. This issue affects...
CVE-2025-61642
CVE-2025-61642 is a MediaWiki XSS vulnerability (improper input neutralization during web page generation) affecting MediaWiki before 1.39.14, 1.43.4, and 1.44.1, linked to CodexHTMLForm.Php and HTMLButtonField.Php. Public details across Red Hat and Debian advisories confirm remote XSS with infor...
CVE-2025-61642 Stored XSS through system messages provided to CodexHtmlForms
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/CodexHTMLForm.Php, includes/htmlform/fields/HTMLButtonField.Php. This issue affects...
CVE-2025-61636 Codex Special:Block vulnerable to message key XSS
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLButtonField.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4,...
CVE-2025-61636 Codex Special:Block vulnerable to message key XSS
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLButtonField.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4,...
WordPress Elementor Addon Elements plugin <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Dual Button Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Dual Button Widget vulnerability discovered by RandomRoot in WordPress Plugin Elementor Addon Elements versions = 1.12.12...
WordPress Beaver Builder Addons by WPZOOM plugin <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Button Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Beaver Builder Addons by WPZOOM versions = 1.3.4...
Improper Encoding or Escaping of Output
Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the AcroformChoiceField.addOption, AcroformChoiceField.setOptions, AcroFormCheckBox.appearanceState, or AcroFormRadioButton.appearanceState functions. An attacker can execute arbitrary...
PT-2026-5721
Name of the Vulnerable Software and Affected Versions jsPDF versions prior to 4.1.0 Description A flaw exists in jsPDF, a JavaScript library for generating PDFs, where user control over properties and methods within the Acroform module can lead to the injection of arbitrary PDF objects, including...
CVE-2022-50797
Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session hijacking and...
CVE-2022-50797 Stripe Green Downloads Wordpress Plugin 2.03 Persistent XSS via Settings
Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session hijacking and...
EUVD-2022-55951
Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session hijacking and...
CVE-2022-50797
The CVE-2022-50797 entry concerns the Stripe Green Downloads Wordpress Plugin version 2.03, which contains a persistent cross-site scripting (XSS) flaw. The vulnerability targets button label fields (via settings) and can allow remote attackers to inject and execute arbitrary scripts, with potent...
CVE-2022-50797
Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session hijacking and...
CVE-2022-50797 Stripe Green Downloads Wordpress Plugin 2.03 Persistent XSS via Settings
Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session hijacking and...
WordPress plugin Stripe Green Downloads 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-5566
Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session hijacking and...
CVE-2026-1380
The Bitcoin Donate Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to modify the plugin's settings,...