12 matches found
CVE-2025-23858
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hiren Patel Custom Users Order custom-users-order allows Reflected XSS.This issue affects Custom Users Order: from n/a through = 4.2...
EUVD-2025-2814
Malicious code in bioql PyPI...
CVE-2025-23858
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hiren Patel Custom Users Order custom-users-order allows Reflected XSS.This issue affects Custom Users Order: from n/a through = 4.2...
CVE-2025-23858
CVE-2025-23858 concerns the WordPress plugin Custom Users Order (versions n/a through 4.2). Multiple sources describe an improper neutralization of input during web page generation that enables Reflected XSS. The affected component is the plugin’s input handling/output rendering, with the root ca...
CVE-2025-23858 WordPress Custom Users Order Plugin <= 4.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hiren Patel Custom Users Order custom-users-order allows Reflected XSS.This issue affects Custom Users Order: from n/a through = 4.2...
CVE-2025-32645
Cross-Site Request Forgery CSRF vulnerability in Hiren Patel Custom Posts Order custom-posts-order allows Stored XSS.This issue affects Custom Posts Order: from n/a through = 4.4...
CVE-2025-32645
Cross-Site Request Forgery CSRF vulnerability in Hiren Patel Custom Posts Order custom-posts-order allows Stored XSS.This issue affects Custom Posts Order: from n/a through = 4.4...
CVE-2025-32645
CVE-2025-32645 : Affects WordPress plugin Custom Posts Order . Described as a CSRF to Stored Cross‑Site Scripting vulnerability with impact described as stored XSS. Affected versions: up to 4.4 (from the vulnerability entry). The provided documents do not include exploitation details, affected co...
PT-2025-15812 · Unknown · Hiren Patel Custom Posts Order
Name of the Vulnerable Software and Affected Versions: Hiren Patel Custom Posts Order versions through 4.4 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. Recommendations: For versions through 4.4, update to a version that includes a fix for this...
CVE-2025-22536
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hiren.sabd WP Music Player wp-music-player allows SQL Injection.This issue affects WP Music Player: from n/a through = 1.3...
CVE-2025-22536 WordPress WP Music Player Plugin <= 1.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Hiren Patel WP Music Player allows SQL Injection.This issue affects WP Music Player: from n/a through 1.3...
CVE-2025-22536 WordPress WP Music Player Plugin <= 1.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hiren.sabd WP Music Player wp-music-player allows SQL Injection.This issue affects WP Music Player: from n/a through = 1.3...