WordPress Shortcodes and extra features for Phlox theme plugin <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aux_gmaps' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'auxgmaps' Shortcode vulnerability discovered by stealthcopter in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.15.7...

CVE-2025-23775

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WWP GMAPS for WPBakery Page Builder Free gmaps-for-visual-composer-free allows Stored XSS.This issue affects GMAPS for WPBakery Page Builder Free: from n/a through = 1.2...

CVE-2025-14499

IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of IceWarp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

EUVD-2025-205007

IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of IceWarp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

CVE-2025-14499

IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of IceWarp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

CVE-2025-14499 IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability

IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of IceWarp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

CVE-2025-14499 IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability

IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of IceWarp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

CVE-2025-14499

CVE-2025-14499 : IceWarp gmaps suffers a Cross‑Site Scripting flaw in the handling of a parameter on the gmaps page, due to improper validation of user input. This allows an attacker to inject arbitrary scripts and bypass authentication on affected IceWarp installations, with user interaction req...

IceWarp 跨站脚本漏洞

IceWarp is an integrated enterprise communication and collaboration platform from IceWarp, a Czech company, designed to provide organizations with a variety of tools and features to support internal and external communication, collaboration and business processes. IceWarp suffers from a cross-sit...

IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of IceWarp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of a parameter...

EUVD-2025-3408

Malicious code in bioql PyPI...

EUVD-2025-3328

Malicious code in bioql PyPI...

CVE-2024-3341

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'auxgmaps' shortcode in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

CVE-2025-23665

Cross-Site Request Forgery CSRF vulnerability in Ravi Kumar Vanukuru RSV GMaps rsv-google-maps allows Stored XSS.This issue affects RSV GMaps: from n/a through = 1.5...

CVE-2025-23775

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WWP GMAPS for WPBakery Page Builder Free gmaps-for-visual-composer-free allows Stored XSS.This issue affects GMAPS for WPBakery Page Builder Free: from n/a through = 1.2...

CVE-2025-23665

Cross-Site Request Forgery CSRF vulnerability in Ravi Kumar Vanukuru RSV GMaps rsv-google-maps allows Stored XSS.This issue affects RSV GMaps: from n/a through = 1.5...

CVE-2025-23665

Cross-Site Request Forgery CSRF vulnerability in Ravi Kumar Vanukuru RSV GMaps rsv-google-maps allows Stored XSS.This issue affects RSV GMaps: from n/a through = 1.5...

CVE-2025-23775 WordPress GMAPS for WPBakery Page Builder Free Plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WWP GMAPS for WPBakery Page Builder Free gmaps-for-visual-composer-free allows Stored XSS.This issue affects GMAPS for WPBakery Page Builder Free: from n/a through = 1.2...

CVE-2025-23775

CVE-2025-23775 (GMAPS for WPBakery Page Builder Free) Improper Neutralization of Input During Web Page Generation enables a Stored XSS in GMAPS for WPBakery Page Builder Free. Affected: GMAPS for WPBakery Page Builder Free from n/a through 1.2. Root cause: input is not properly sanitized before e...

CVE-2025-23665

CVE-2025-23665 describes a CSRF vulnerability in the RSV GMaps (RSV Google Maps) WordPress plugin that enables Stored XSS. The description states affected range as RSV GMaps: from n/a through