49 matches found
CVE-2026-3191
The Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.12. This is due to missing or incorrect nonce validation on the 'minifyhtmlmenuoptions' function. This makes it possible for unauthenticated attackers to update plugin settin...
EUVD-2026-17367
The Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.12. This is due to missing or incorrect nonce validation on the 'minifyhtmlmenuoptions' function. This makes it possible for unauthenticated attackers to update plugin settin...
CVE-2026-3191
The Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.12. This is due to missing or incorrect nonce validation on the 'minifyhtmlmenuoptions' function. This makes it possible for unauthenticated attackers to update plugin settin...
CVE-2026-3191
The Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.12. This is due to missing or incorrect nonce validation on the 'minifyhtmlmenuoptions' function. This makes it possible for unauthenticated attackers to update plugin settin...
CVE-2026-3191 Minify HTML <= 2.1.12 - Cross-Site Request Forgery to Plugin Settings Update
The Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.12. This is due to missing or incorrect nonce validation on the 'minifyhtmlmenuoptions' function. This makes it possible for unauthenticated attackers to update plugin settin...
CVE-2026-3191 Minify HTML <= 2.1.12 - Cross-Site Request Forgery to Plugin Settings Update
The Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.12. This is due to missing or incorrect nonce validation on the 'minifyhtmlmenuoptions' function. This makes it possible for unauthenticated attackers to update plugin settin...
CVE-2026-1392
The SR WP Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing nonce validation on the srminifyhtmltheme function. This makes it possible for unauthenticated attackers to update plugin settings via a forged...
CVE-2026-1392
The SR WP Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing nonce validation on the srminifyhtmltheme function. This makes it possible for unauthenticated attackers to update plugin settings via a forged...
CVE-2026-1392 SR WP Minify HTML <= 2.1 - Cross-Site Request Forgery to Settings Update
The SR WP Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing nonce validation on the srminifyhtmltheme function. This makes it possible for unauthenticated attackers to update plugin settings via a forged...
Malicious code in html-webpack-plugin-hologram-stream-install (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07f786614246d2d9d6432c8d36c1015a7c75b9a2b3c99baa78f244a48ad6eb9f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-177098
Malicious code in postcss-html-webpack-plugin-enif-ultra npm...
Malicious code in orbit-html-webpack-plugin-xml-docusaurus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08fb8c907f7e235373242f869cd54f573229f75943e3b713df6ab822fa2142e2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-115173
Malicious code in commitizen-less-loader-mysql-html-webpack-plugin npm...
EUVD-2025-113889
Malicious code in eslint-html-webpack-plugin-eslint-plugin-auth0 npm...
MAL-2025-142626 Malicious code in fornax-html-webpack-plugin-child-process-rollup-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87c748f511d4cd75bfcc08bada27b0c236b32a30a0db4a112c1e7c76ce1d6510 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-115292
Malicious code in cli-vuepress-html-webpack-plugin-eris npm...
Malicious code in uninstall-html-webpack-plugin-leda-upgrade (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afb68b97568f84089399c4178cd2addd4a7ad438f5e102df3bae522b903b5bb1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in quark-html-webpack-plugin-farout-pm2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8601e78b8d2dfed9130bd47aa2752133e6926bb319210973f17abba74f8c4aa0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-124278
Malicious code in norma-html-webpack-plugin-version-juno npm...
MAL-2025-145643 Malicious code in norma-html-webpack-plugin-version-juno (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84509b5d35b1df7faaa56be4c99f921048932e5586fbdebf4d72f7c87eb39467 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...