CVE-2026-4341

The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'followustext' setting of the Mount widget in all versions up to, and including, 4.1.10. This is due to insufficient input sanitization and output escaping. Specifically, the...

EUVD-2026-20046

The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'followustext' setting of the Mount widget in all versions up to, and including, 4.1.10. This is due to insufficient input sanitization and output escaping. Specifically, the...

CVE-2026-4341

The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'followustext' setting of the Mount widget in all versions up to, and including, 4.1.10. This is due to insufficient input sanitization and output escaping. Specifically, the...

CVE-2026-4341 Prime Slider <= 4.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'follow_us_text' Parameter

The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'followustext' setting of the Mount widget in all versions up to, and including, 4.1.10. This is due to insufficient input sanitization and output escaping. Specifically, the...

CVE-2026-4341 Prime Slider <= 4.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'follow_us_text' Parameter

The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'followustext' setting of the Mount widget in all versions up to, and including, 4.1.10. This is due to insufficient input sanitization and output escaping. Specifically, the...

CVE-2026-4341

CVE-2026-4341 covers a Stored Cross-Site Scripting vulnerability in the Prime Slider – Addons for Elementor plugin for WordPress (versions up to and including 4.1.10). The root cause is insufficient input sanitization and output escaping in the Mount widget’s render_social_link() function, which ...

PT-2026-31081

Name of the Vulnerable Software and Affected Versions Prime Slider – Addons for Elementor plugin for WordPress versions up to and including 4.1.10 Description The Prime Slider – Addons for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient...

WordPress Prime Slider plugin <= 4.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'follow_us_text' Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'followustext' Parameter vulnerability discovered by WordFence in WordPress Plugin Prime Slider – Addons For Elementor versions = 4.1.10...

EUVD-2025-9217

Malicious code in bioql PyPI...

EUVD-2024-31870

Malicious code in bioql PyPI...

CVE-2024-3280

The Follow Us Badges plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsitefollowusbadges shortcode in all versions up to, and including, 3.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-31804

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DraftPress Team Follow Us Badges wpsite-follow-us-badges allows Stored XSS.This issue affects Follow Us Badges: from n/a through = 3.1.11...

CVE-2025-31804

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DraftPress Team Follow Us Badges wpsite-follow-us-badges allows Stored XSS.This issue affects Follow Us Badges: from n/a through = 3.1.11...

CVE-2025-31804 WordPress Follow Us Badges plugin <= 3.1.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DraftPress Team Follow Us Badges wpsite-follow-us-badges allows Stored XSS.This issue affects Follow Us Badges: from n/a through = 3.1.11...

CVE-2025-31804

CVE-2025-31804 corresponds to an authenticated Stored XSS in the WordPress plugin Follow Us Badges (wpsite-follow-us-badges) up to version 3.1.11. Root cause: improper input neutralization during web page generation. Impact, per connected docs, is stored XSS risk for authenticated users; no publi...

PT-2025-14186 · Unknown · Follow Us Badges

Name of the Vulnerable Software and Affected Versions: Follow Us Badges versions n/a through 3.1.11 Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored XSS. This means that an attacker can inject malicious scripts into the...

WordPress Follow Us Badges plugin <= 3.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsite_follow_us_badges Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via wpsitefollowusbadges Shortcode vulnerability discovered by Lucio Sá in WordPress Plugin Follow Us Badges versions = 3.1.10...

WordPress Follow Us Badges Plugin <= 3.1.10 is vulnerable to Cross Site Scripting (XSS)

Software Follow Us Badges Type Plugin Vulnerable versions = 3.1.10 Fixed in 3.1.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3280 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b115b59a801a Credits Lucio Sá Required...

PT-2024-24873 · WordPress · Follow Us Badges

Name of the Vulnerable Software and Affected Versions: Follow Us Badges plugin for WordPress versions up to, and including, 3.1.10 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wpsite follow us badges shortcode due to insufficient input sanitization and output...

Follow Us Badges < 3.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsite_follow_us_badges Shortcode

Description The Follow Us Badges plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsitefollowusbadges shortcode in all versions up to, and including, 3.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...