CVE-2024-8544

The Pixel Cat – Conversion Pixel Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.0.5. This makes it possible for unauthenticated attackers to inject arbitrary...

CVE-2024-49686

Missing Authorization vulnerability in fatcatapps Landing Page Cat landing-page-cat.This issue affects Landing Page Cat: from n/a through = 1.7.4...

CVE-2024-9226

The Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.7.6. This makes it possible for...

CVE-2023-47545

Auth. editor+ Stored Cross-Site Scripting XSS vulnerability in Fatcat Apps Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin = 2.5.4 versions...

CVE-2021-24922

The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check when saving its settings, and did not sanitise as well as escape some of them, which could allow attacker to make a logged in admin change them and perform Cross-Site Scripting attacks...

CVE-2021-24972

The Pixel Cat WordPress plugin before 2.6.3 does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...

CVE-2021-24788

The Batch Cat WordPress plugin through 0.3 defines 3 custom AJAX actions, which both require authentication but are available for all roles. As a result, any authenticated user including simple subscribers can add/set/delete arbitrary categories to posts...

CVE-2019-13097

The application API of Cat Runner Decorate Home version 2.8.0 for Android does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. Attackers can manipulate users' score parameters exchanged between client and server...

CVE-2009-3499

SQL injection vulnerability in employee.aspx in BPowerHouse BPLawyerCaseDocuments 1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter...

CVE-2025-4169 Posts per Cat [Unmaintained] <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Posts per Cat Unmaintained plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ppc' shortcode in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress plugin Posts per Cat 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

CVE-2025-26992

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fatcatapps Landing Page Cat landing-page-cat allows Reflected XSS.This issue affects Landing Page Cat: from n/a through = 1.7.8...

Malicious code in @cat-wc/utilities (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ac8c9db89562180d78f3b248882e95e33c0c24a2bc4ffdfd76b1029506f1393d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-26992

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fatcatapps Landing Page Cat landing-page-cat allows Reflected XSS.This issue affects Landing Page Cat: from n/a through = 1.7.8...

CVE-2025-26992

CVE-2025-26992 is a Reflected XSS in the WordPress plugin Landing Page Cat (versions up to 1.7.8). The issue stems from improper input neutralization during web page generation, enabling a reflected cross-site scripting attack. The vulnerability is associated with a CVSSv3.1 base score of 7.1 (HI...

CVE-2025-26992 WordPress Landing Page Cat plugin <= 1.7.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fatcatapps Landing Page Cat landing-page-cat allows Reflected XSS.This issue affects Landing Page Cat: from n/a through = 1.7.8...

WordPress plugin Landing Page Cat 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability exist...

PT-2025-16326 · Unknown · Landing Page Cat

Name of the Vulnerable Software and Affected Versions: Landing Page Cat versions 1.7.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an attacker can inje...

WordPress Landing Page Cat plugin <= 1.7.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Landing Page Cat versions = 1.7.8...

CVE-2025-30877

Missing Authorization vulnerability in fatcatapps Quiz Cat quiz-cat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz Cat: from n/a through = 3.0.8...