232 matches found
CVE-2025-48078 WordPress Slick Google Map plugin <= 0.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Norbert Slick Google Map slick-google-map allows Stored XSS. This issue affects Slick Google Map: from n/a through <= 0.3...
CVE-2025-48077
CVE-2025-48077 documents a CSRF to Stored XSS vulnerability in the WordPress Block Country plugin (versions
ThinkDashboard code issue vulnerability
ThinkDashboard is a lightweight, self-hosted bookmarking dashboard by the individual developer MatiasDesu. A code issue vulnerability exists in ThinkDashboard version 0.6.7 and earlier, which stems from the backup import feature not properly validating file types, which could lead to a stored...
CVE-2025-12415 MapMap <= 1.1 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting
The MapMap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the adminshortcodesubmit, adminconfigurationsubmit, and adminshortcodedelete functions. This makes it possible for...
CVE-2025-12410 SH Contextual Help <= 3.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The SH Contextual Help plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation in the shcontextualhelpdashboardwidget function. This makes it possible for unauthenticated attackers to update...
CVE-2025-60075 WordPress hpb seo plugin for WordPress plugin <= 3.0.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Allegro Marketing hpb seo plugin for WordPress hpbseo allows Reflected XSS. This issue affects hpb seo plugin for WordPress: from n/a through <= 3.0.1...
CVE-2025-62956
Cross-Site Request Forgery (CSRF) vulnerability in iseremet Reloadly reloadly-topup-widget allows Stored XSS. This issue affects Reloadly: from n/a through <= 2.0.1...
CVE-2025-62986
CVE-2025-62986: Cross-Site Request Forgery (CSRF) in WordPress FanBridge signup plugin (fanbridge-signup) versions <= 0.6 can enable Stored XSS. Public sources in this set identify the affected plugin and the CSRF/XSS combination, with patch status noted as Patched by Wordfence (and Patchstack...
CVE-2025-62986 WordPress FanBridge signup plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in FanBridge FanBridge signup fanbridge-signup allows Stored XSS. This issue affects FanBridge signup: from n/a through <= 0.6...
Revive Adserver: Reflected XSS in account-preferences-plugin.php
A reflected cross-site scripting (RXSS) vulnerability was discovered in revive-adserver-6.0.1/www/admin/account-preferences-plugin.php via the group query parameter. Untrusted input was reflected without proper output encoding or context-aware escaping, allowing injection of JavaScript into the...
CVE-2025-53420 WordPress WPLMS plugin <= 1.9.9.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes WPLMS wplmsplugin allows Reflected XSS. This issue affects WPLMS: from n/a through <= 1.9.9.8...
CVE-2025-34512 Ilevia EVE X1 Server 4.7.18.0.eden Reflected XSS
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting (XSS) vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary script in the victim's browser. Ilevia has declined to service this vulnerability, and recommends that...
CVE-2025-10135 WP ViewSTL <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WP ViewSTL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'viewstl' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
CVE-2025-62358
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, the log parameter in configuracaogeral.php is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker can inject arbitrary JavaScript, which executes in the victim’s browser. This...
CVE-2025-62246
CVE-2025-62246 is a stored XSS in Liferay Portal 7.4.x and Liferay DXP (older and unsupported versions) due to improper sanitization of name fields in com.liferay.mentions.web; exploited when a crafted first/middle/last name is rendered in widgets/apps such as page comments, blog comments, docs/...
WordPress Slick Google Map plugin <= 0.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross Site Request Forgery (CSRF) to Stored XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Slick Google Map versions <= 0.3...
CVE-2025-11197
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'drafts' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
EUVD-2020-23939
Malware in sbrugna...
EUVD-2020-23941
Malware in sbrugna...
EUVD-2020-23940
Malware in sbrugna...