29 matches found
CVE-2026-39683
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chief Gnome Garden Gnome Package garden-gnome-package allows DOM-Based XSS.This issue affects Garden Gnome Package: from n/a through = 2.4.1...
EUVD-2026-20369
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chief Gnome Garden Gnome Package garden-gnome-package allows DOM-Based XSS.This issue affects Garden Gnome Package: from n/a through = 2.4.1...
CVE-2026-39683
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chief Gnome Garden Gnome Package garden-gnome-package allows DOM-Based XSS.This issue affects Garden Gnome Package: from n/a through = 2.4.1...
CVE-2026-39683 WordPress Garden Gnome Package plugin <= 2.4.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chief Gnome Garden Gnome Package garden-gnome-package allows DOM-Based XSS.This issue affects Garden Gnome Package: from n/a through = 2.4.1...
CVE-2026-39683 WordPress Garden Gnome Package plugin <= 2.4.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chief Gnome Garden Gnome Package garden-gnome-package allows DOM-Based XSS.This issue affects Garden Gnome Package: from n/a through = 2.4.1...
CVE-2026-39683
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chief Gnome Garden Gnome Package garden-gnome-package allows DOM-Based XSS.This issue affects Garden Gnome Package: from n/a through = 2.4.1...
CVE-2026-39683
CVE-2026-39683 affects the WordPress Garden Gnome Package plugin (garden-gnome-package) up to version 2.4.1. The issue is a DOM-based XSS caused by improper neutralization of input during web page generation. Affected component is the garden-gnome-package, with the root cause described as cross-s...
WordPress plugin Garden Gnome Package 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-31245
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chief Gnome Garden Gnome Package garden-gnome-package allows DOM-Based XSS.This issue affects Garden Gnome Package: from n/a through = 2.4.1...
EUVD-2024-49330
Malicious code in bioql PyPI...
EUVD-2024-51155
Malicious code in bioql PyPI...
CVE-2023-5664
The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ggpkg' shortcode in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
CVE-2024-12854
The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been uploaded in all versions up to, and including, 2.3.0. This makes it possible for authenticated...
CVE-2024-12854
CVE-2024-12854 concerns Garden Gnome Package (WordPress) where all versions up to 2.3.0 are vulnerable due to missing file type validation when extracting uploaded ggpkgs. This enables an attacker with Author+ privileges to upload arbitrary files to the server, with potential remote code executio...
CVE-2024-12854 Garden Gnome Package <= 2.3.0 - Authenticated (Author+) Arbitrary File Upload
The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been uploaded in all versions up to, and including, 2.3.0. This makes it possible for authenticated...
CVE-2024-12854 Garden Gnome Package <= 2.3.0 - Authenticated (Author+) Arbitrary File Upload
The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been uploaded in all versions up to, and including, 2.3.0. This makes it possible for authenticated...
WordPress plugin Garden Gnome Package 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
WordPress Garden Gnome Package plugin <= 2.3.0 - Authenticated (Author+) Arbitrary File Upload vulnerability
Authenticated Author+ Arbitrary File Upload vulnerability discovered by Lucio Sá in WordPress Plugin Garden Gnome Package versions = 2.3.0...
CVE-2024-8657
The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ggpkg shortcode in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-8657
The CVE-2024-8657 entry concerns the Garden Gnome Package plugin for WordPress (= 2.3.0 or apply vendor-provided patch; as a temporary measure, restrict access to the ggpkg shortcode to users below contributor level until patched.