70 matches found
CVE-2026-5293
The CVE concerns the WordPress plugin Diagnosis Generator (診断ジェネレータ作成プラグイン) up to version 1.4.16. It enables Stored Cross-Site Scripting via the js parameter due to missing authorization checks and insufficient input sanitization in themeFunc(), which runs on admin_init and processes theme update...
CVE-2026-5293 診断ジェネレータ作成プラグイン <= 1.4.16 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'js' Parameter
The 診断ジェネレータ作成プラグイン Diagnosis Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing authorization checks and insufficient input sanitization in the themeFunc function. The function is hooke...
CVE-2025-13717
The Contact Form vCard Generator plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wpgvccfcheckdownloadrequest' function in all versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to export sensitive...
EUVD-2025-24198
Malicious code in bioql PyPI...
EUVD-2025-4549
Malicious code in bioql PyPI...
EUVD-2024-42361
Malicious code in bioql PyPI...
EUVD-2024-28166
Malicious code in bioql PyPI...
EUVD-2024-29197
Malicious code in bioql PyPI...
EUVD-2024-25125
Malicious code in bioql PyPI...
EUVD-2022-49918
Malicious code in bioql PyPI...
CVE-2025-58268 WordPress WPMK PDF Generator Plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in WPMK WPMK PDF Generator wpmk-pdf-generator allows Stored XSS.This issue affects WPMK PDF Generator: from n/a through = 1.0.1...
WordPress plugin PDF Generator for WordPress 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress Wp chart generator plugin cross-site scripting vulnerability
WordPress Wp chart generator plugin is a plugin for generating charts in WordPress blogs. Users can create multiple charts through the backend admin interface and embed them in posts or pages using the generated shortcode. A cross-site scripting vulnerability exists in the WordPress Wp chart...
CVE-2025-30934
Missing Authorization vulnerability in OLIVESYSTEM 診断ジェネレータ作成プラグイン os-diagnosis-generator allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 診断ジェネレータ作成プラグイン: from n/a through = 1.4.16...
WordPress plugin 診断ジェネレータ作成プラグイン 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
CVE-2024-10705
The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.5 via the 'mpgdownloadfilebylink' function. This makes it possible for authenticated attackers, with editor-level access and above, to make web...
CVE-2023-34022
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Rakib Hasan Dynamic QR Code Generator plugin = 0.0.5 versions...
CVE-2023-27452
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Wow-Company Button Generator – easily Button Builder plugin = 2.3.3 versions...
CVE-2022-2100
The Page Generator WordPress plugin before 1.6.5 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-29042
Jenkins Job Generator Plugin 1.22 and earlier does not escape the name and description of Generator Parameter and Generator Choice parameters on Job Generator jobs' Build With Parameters views, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configu...