206 matches found
WordPress Select All Categories and Taxonomies <1.3.2 - Cross-Site Scripting
WordPress Select All Categories and Taxonomies plugin before 1.3.2 contains a cross-site scripting vulnerability. The settings page of the plugin does not properly sanitize the tab parameter before outputting it back. An attacker can inject arbitrary script in the browser of an unsuspecting user ...
Malicious code in @bmg-web/bmg-checkbox (npm)
Source: amazon-inspector 1670cde81640c3ef6602cd58c332cc7af5d682ac200e16addc67e3afcc2ff67f The package @bmg-web/bmg-checkbox was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2983 Malicious code in @bmg-web/bmg-checkbox (npm)
Source: amazon-inspector 1670cde81640c3ef6602cd58c332cc7af5d682ac200e16addc67e3afcc2ff67f The package @bmg-web/bmg-checkbox was found to contain malicious code. Source: ossf-package-analysis...
CVE-2026-3231
The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom radio and checkboxgroup field values submitted through the WooCommerce Block Checkout Store API in all versions up to, and including, 2.1.7. This is due to the...
Malicious code in @emerald-react/checkbox (npm)
Source: amazon-inspector 73d32a1bb5753affaccc3f875ba482d2565c062a5eb65862620595a84309ff3f The package @emerald-react/checkbox was found to contain malicious code...
MAL-2026-1603 Malicious code in @emerald-react/checkbox (npm)
Source: amazon-inspector 73d32a1bb5753affaccc3f875ba482d2565c062a5eb65862620595a84309ff3f The package @emerald-react/checkbox was found to contain malicious code...
CVE-2026-3231 Checkout Field Editor (Checkout Manager) for WooCommerce <= 2.1.7 - Unauthenticated Stored Cross-Site Scripting via Block Checkout Custom Radio Field
The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom radio and checkboxgroup field values submitted through the WooCommerce Block Checkout Store API in all versions up to, and including, 2.1.7. This is due to the...
CVE-2026-3231
The CVE-2026-3231 entry concerns the WooCommerce plugin Checkout Field Editor (Checkout Manager) for WordPress, vulnerable to Stored Cross-Site Scripting via custom radio/checkboxgroup field values submitted through the WooCommerce Block Checkout Store API in all versions up to 2.1.7. The root ca...
PT-2026-24657
The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom radio and checkboxgroup field values submitted through the WooCommerce Block Checkout Store API in all versions up to, and including, 2.1.7. This is due to the...
CVE-2026-3241
In Concrete CMS below version 9.4.8, a stored cross-site scripting (XSS) vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms (e.g., a rogue administrator) can inject a persistent JavaScript payload into the options of a multiple-choice...
Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability
In Concrete CMS below version 9.4.8, a Cross-site Scripting (XSS) vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms (e.g., a rogue administrator) can inject a persistent JavaScript payload into the options of a multiple-choice question...
Cross-site Scripting (XSS)
Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via unsanitized rendering of user-supplied input in settings names and field option labels within the checkbox.twig template. An attacker can execute arbitrary...
GHSA-4MGV-366X-QXVX Craft CMS Vulnerable to Stored XSS in Settings Names and Field Options
Overview of all XSS Reports Multiple stored XSS vulnerabilities were found in Craft CMS. They were split into 4 reports as follows: | Report | What's Vulnerable | Why Separate | |--------|-------------------|--------------| | This Report 1 | Multiple settings names | Twig Template:...
Malicious code in vl-ui-checkbox (npm)
Source: amazon-inspector 6b636f4789648035c4ee34537313e51b2e4ba39f2f4ea19b6d8744f61a12bce3 The package vl-ui-checkbox was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-993 Malicious code in vl-ui-checkbox (npm)
Source: amazon-inspector 6b636f4789648035c4ee34537313e51b2e4ba39f2f4ea19b6d8744f61a12bce3 The package vl-ui-checkbox was found to contain malicious code. Source: ossf-package-analysis...
Improper Encoding or Escaping of Output
Overview: Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the AcroformChoiceField.addOption, AcroformChoiceField.setOptions, AcroFormCheckBox.appearanceState, or AcroFormRadioButton.appearanceState functions. An attacker can execute arbitrary...
PT-2026-5721
Name of the Vulnerable Software and Affected Versions: jsPDF versions prior to 4.1.0. Description: A flaw exists in jsPDF, a JavaScript library for generating PDFs, where user control over properties and methods within the Acroform module can lead to the injection of arbitrary PDF objects, including...
CVE-2025-14448 WP-Members Membership Plugin <= 3.5.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fields
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...