Popup-Maker < 1.8.12 - Broken Authentication

An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the doaction function to invoke certain popmake or pum methods, as demonstrated by controlling content and delivery of popmake-system-info.txt aka the...

EUVD-2025-13823

Malicious code in bioql PyPI...

CVE-2025-47501

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daniel Iser Content Control content-control allows DOM-Based XSS.This issue affects Content Control: from n/a through = 2.6.1...

CVE-2025-47501

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daniel Iser Content Control content-control allows DOM-Based XSS.This issue affects Content Control: from n/a through = 2.6.1...

CVE-2025-47501 WordPress Content Control plugin <= 2.6.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daniel Iser Content Control content-control allows DOM-Based XSS.This issue affects Content Control: from n/a through = 2.6.1...

WordPress Content Control plugin <= 2.6.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Content Control versions = 2.6.1...

PT-2025-20125 · Code Atlantic · Code Atlantic Content Control

Name of the Vulnerable Software and Affected Versions: Code Atlantic Content Control versions n/a through 2.6.1 Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS attacks. This means that an attacker could potentially...

WordPress User Menus – Nav Menu Visibility Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software User Menus – Nav Menu Visibility Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Code Atlantic LLC PSID 1af27071833c Credits Rafie Muhamma...

Popup-Maker < 1.8.12 - Broken Authentication

An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the doaction function to invoke certain popmake or pum methods, as demonstrated by controlling content and delivery of popmake-system-info.txt aka the...

WordPress Popup Maker Plugin < 1.16.11 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:code-atlantic:popupmaker"; ifdescription...

WordPress Content Control Plugin < 1.1.10 is vulnerable to Cross Site Scripting (XSS)

Software Content Control Type Plugin Vulnerable versions 1.1.10 Fixed in 1.1.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4509 Patch priority Medium CVSS severity Medium 6.3 Developer Code Atlantic LLC PSID a16131ad7c93 Credits István Márton...