28 matches found
EUVD-2024-33393
Malicious code in bioql PyPI...
EUVD-2023-59349
Malicious code in bioql PyPI...
EUVD-2025-14298
Malicious code in bioql PyPI...
CVE-2024-10116
The Twitter Follow Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'username' parameter in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2023-7168
The Better Follow Button for Jetpack WordPress plugin through 8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...
CVE-2023-7168
The Better Follow Button for Jetpack WordPress plugin through 8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...
PT-2025-21378 · WordPress · The Better Follow Button For Jetpack
Name of the Vulnerable Software and Affected Versions: The Better Follow Button for Jetpack WordPress plugin versions through 8.0 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not...
WordPress plugin Better Follow Button for Jetpack 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2025-47578
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Edward Caissie BNS Twitter Follow Button bns-twitter-follow-button allows DOM-Based XSS.This issue affects BNS Twitter Follow Button: from n/a through = 0.3.8...
CVE-2025-47578
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Edward Caissie BNS Twitter Follow Button bns-twitter-follow-button allows DOM-Based XSS.This issue affects BNS Twitter Follow Button: from n/a through = 0.3.8...
CVE-2025-47578
CVE-2025-47578 is a DOM-based XSS vulnerability in the WordPress plugin BNS Twitter Follow Button (versions up to and including 0.3.8). The issue arises from improper input neutralization during web page generation, enabling cross-site scripting. Affected software: BNS Twitter Follow Button
CVE-2025-47578 WordPress BNS Twitter Follow Button plugin <= 0.3.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Edward Caissie BNS Twitter Follow Button bns-twitter-follow-button allows DOM-Based XSS.This issue affects BNS Twitter Follow Button: from n/a through = 0.3.8...
CVE-2025-47578 WordPress BNS Twitter Follow Button plugin <= 0.3.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Edward Caissie BNS Twitter Follow Button allows DOM-Based XSS.This issue affects BNS Twitter Follow Button: from n/a through 0.3.8...
PT-2025-20725 · Unknown · Twitter Follow Button
Name of the Vulnerable Software and Affected Versions: BNS Twitter Follow Button versions 0.3.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing DOM-Based XSS. This means that an attacker cou...
WordPress plugin BNS Twitter Follow Button 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
CVE-2024-10116
The Twitter Follow Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'username' parameter in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2024-10116 Twitter Follow Button <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via username Parameter
The Twitter Follow Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'username' parameter in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2024-10116
The CVE 2024-10116 entry concerns the Twitter Follow Button plugin for WordPress (affected versions: all up to 0.2). It describes a Stored Cross-Site Scripting vulnerability via the username parameter, caused by insufficient input sanitization and output escaping. Exploitation requires authentica...
CVE-2024-10116 Twitter Follow Button <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via username Parameter
The Twitter Follow Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'username' parameter in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
WordPress plugin Twitter Follow Button 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...