14 matches found
EUVD-2026-24686
The Bread & Butter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'breadbutter-customevent-button' shortcode in all versions up to, and including, 8.2.0.25. This is due to insufficient input sanitization and output escaping on the 'event' shortcode attribute. The...
CVE-2026-4279 Bread & Butter: Content Gating for Verified Leads <= 8.2.0.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Bread & Butter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'breadbutter-customevent-button' shortcode in all versions up to, and including, 8.2.0.25. This is due to insufficient input sanitization and output escaping on the 'event' shortcode attribute. The...
CVE-2026-1650 MDJM Event Management <= 1.7.8.1 - Missing Authorization to Unauthenticated Arbitrary Custom Event Field Deletion
The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'customfieldscontroller' function in all versions up to, and including, 1.7.8.1. This makes it possible for unauthenticated attackers to delete arbitrary custom...
CVE-2026-1650 MDJM Event Management <= 1.7.8.1 - Missing Authorization to Unauthenticated Arbitrary Custom Event Field Deletion
The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'customfieldscontroller' function in all versions up to, and including, 1.7.8.1. This makes it possible for unauthenticated attackers to delete arbitrary custom...
THE NEW Rapid7 MDR for Enterprise: Tailored Detection and Response for Complex Environments
Complex ecosystems. Custom applications. Specialized log sources. Distributed operations. Enterprise security leaders aren’t just defending against threats—they’re navigating a fragmented environment where visibility, coverage, and coordination are constant challenges. Our MDR service provides...
WordPress Goal Tracker - Custom Event Tracking for GA4 Plugin < 1.0.11 is vulnerable to Cross Site Scripting (XSS)
Software: Goal Tracker - Custom Event Tracking for GA4; Type: Plugin; Vulnerable versions: 1.0.11; Fixed in: 1.0.11; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: e97011f95aa7; Credits: Raf...
SUSE CVE-2015-5827
WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event...
MAL-2022-2282 Malicious code in custom-event-names (npm)
Source: ghsa-malware b06a70ccf4ecbf312e8ea14b6890b653b560e9afeac1a31af3f9ddf64f4e9cb1. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in custom-event-names (npm)
Source: ghsa-malware b06a70ccf4ecbf312e8ea14b6890b653b560e9afeac1a31af3f9ddf64f4e9cb1. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Design/Logic Flaw
In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email [email protected], verify it, change it to the mail [email protected] and stay verified and enabled. This may lead to having accounts addressed to totally different emails, that were verified. Note, that this w...
Update Rollup 13 for System Center 2012 R2 Operations Manager
Update Rollup 13 for System Center 2012 R2 Operations Manager Introduction This article describes the issues that are fixed in Update Rollup 13 for Microsoft System Center 2012 R2 Operations Manager. This article also contains the installation instructions for this update. Issues that are fixed...
DumpsterFire Toolset: Security Incidents In A Box
The DumpsterFire Toolset is a modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support a...
UBUNTU-CVE-2015-5827
WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event...
Design/Logic Flaw
WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event...