3 matches found
EUVD-2026-19537
The Code Extension Marketplace is an open-source alternative to the VS Code Marketplace. Prior to 2.4.2, Zip Slip vulnerability in coder/code-marketplace allowed a malicious VSIX file to write arbitrary files outside the extension directory. ExtractZip passed raw zip entry names to a callback tha...
WordPress CSSIgniter Shortcodes plugin <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'element' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'element' Shortcode Attribute vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin CSSIgniter Shortcodes versions = 2.4.1...
WordPress Pronamic Google Maps plugin <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Pronamic Google Maps versions = 2.4.1...