18 matches found
EUVD-2025-11585
Malicious code in bioql PyPI...
EUVD-2023-12240
Malicious code in bioql PyPI...
CVE-2023-0150
The Cloak Front End Email WordPress plugin before 1.9.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2025-26968
Missing Authorization vulnerability in webbernaut Cloak Front End Email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cloak Front End Email: from n/a through 1.9.5...
CVE-2025-26968
Missing Authorization vulnerability in webbernaut Cloak Front End Email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cloak Front End Email: from n/a through 1.9.5...
CVE-2025-26968 WordPress Cloak Front End Email <= 1.9.5 - Broken Access Control Vulnerability
Missing Authorization vulnerability in webbernaut Cloak Front End Email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cloak Front End Email: from n/a through 1.9.5...
CVE-2025-26968 WordPress Cloak Front End Email <= 1.9.5 - Broken Access Control Vulnerability
Missing Authorization vulnerability in webbernaut Cloak Front End Email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cloak Front End Email: from n/a through 1.9.5...
WordPress Cloak Front End Email <= 1.9.5 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by muhammad yudha Patchstack Alliance in WordPress Plugin Cloak Front End Email versions = 1.9.5...
PT-2025-16976 · Webbernaut · Webbernaut Cloak Front End Email
Name of the Vulnerable Software and Affected Versions: webbernaut Cloak Front End Email versions 1.9.5 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. This can be exploited in th...
CVE-2023-0150
The Cloak Front End Email WordPress plugin before 1.9.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Cross site scripting
The Cloak Front End Email WordPress plugin before 1.9.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0150
The CVE-2023-0150 entry concerns the Cloak Front End Email WordPress plugin (versions
CVE-2023-0150 Cloak Front End Email < 1.9.2 - Contributor+ Stored XSS
The Cloak Front End Email WordPress plugin before 1.9.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0150 Cloak Front End Email < 1.9.2 - Contributor+ Stored XSS
The Cloak Front End Email WordPress plugin before 1.9.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress Plugin Cloak Front End Email 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Cloak Front End Email < 1.9.2 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks email name='" onmouseover="alert1"...
WordPress Cloak Front End Email Plugin <= 1.9.1 is vulnerable to Cross Site Scripting (XSS)
Software Cloak Front End Email Type Plugin Vulnerable versions = 1.9.1 Fixed in 1.9.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0150 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 8e7d5eb708ad Credits István Márto...
Cloak Front End Email < 1.9.2 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC email name='" onmouseover="alert1"...