Malicious code in vue2-script-ext-html-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 747331ee9a0695a63f863ebc84ad9508b515a9c8dfe77477314ff8de5a5aba40 The package vue2-script-ext-html-webpack-plugin was found to contain malicious code...

CVE-2025-48315 WordPress WordPress HTML plugin <= 0.51 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in stanton119 WordPress HTML allows Stored XSS. This issue affects WordPress HTML: from n/a through 0.51...

CVE-2025-48315 WordPress WordPress HTML plugin <= 0.51 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in stanton119 WordPress HTML custom-html-bodyhead allows Stored XSS.This issue affects WordPress HTML: from n/a through = 0.51...

WordPress plugin WordPress HTML 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress WordPress HTML plugin <= 0.51 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha Patchstack Alliance in WordPress Plugin WordPress HTML versions = 0.51...

Malicious code in dorado-html-webpack-plugin-less-procyon (npm)

The package dorado-html-webpack-plugin-less-procyon was found to contain malicious code...

WordPress plugin Dot html,php,xml etc pages Cross Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

The vulnerability of the Jenkins continuous integration server’s HTML plugin arises from incorrect path name restrictions for the catalog directory, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the Jenkins automation server plugin is related to an incorrect restriction on the path to the catalog. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

CVE-2024-12579

The Minify HTML plugin for WordPress is vulnerable to Regular Expression Denial of Service ReDoS in all versions up to, and including, 2.1.10. This is due to processing user-supplied input as a regular expression. This makes it possible for unauthenticated attackers to create comments that can...

CVE-2023-26014

Cross-Site Request Forgery CSRF vulnerability in Tim Eckel Minify HTML plugin = 2.1.7 vulnerability...

CVE-2021-32858

esdoc-publish-html-plugin is a plugin for the document maintenance software ESDoc. TheHTML sanitizer in esdoc-publish-html-plugin 1.1.2 and prior can be bypassed which may lead to cross-site scripting XSS issues. There are no known patches for this issue...

CVE-2024-12579 Minify HTML <= 2.1.10 - - Regular Expressions Denial of Service

The Minify HTML plugin for WordPress is vulnerable to Regular Expression Denial of Service ReDoS in all versions up to, and including, 2.1.10. This is due to processing user-supplied input as a regular expression. This makes it possible for unauthenticated attackers to create comments that can...

CVE-2024-12579

The CVE-2024-12579 entry concerns the Minify HTML plugin for WordPress. According to Red Hat and Wordfence sources, the vulnerability is a Regular Expression Denial of Service (ReDoS) caused by processing user-supplied input as a regular expression. It affects all versions up to and including 2.1...

WordPress WordPress Cloaking – Show & Create Geo-Targeted Custom HTML Plugin – GeoRequest Plugin <= 0.2.0 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Cloaking – Show & Create Geo-Targeted Custom HTML Plugin – GeoRequest Type Plugin Vulnerable versions = 0.2.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim...

CVE-2023-26014

Cross-Site Request Forgery CSRF vulnerability in Tim Eckel Minify HTML plugin = 2.1.7 vulnerability...

CVE-2023-26014

Cross-Site Request Forgery CSRF vulnerability in Tim Eckel Minify HTML plugin = 2.1.7 vulnerability...

CVE-2023-26014

CVE-2023-26014 concerns the WordPress Minify HTML Plugin, affected in versions &lt;= 2.1.7. The vulnerability is CSRF (Cross-Site Request Forgery) that can be exploited without authentication. Patchstack’s entry states the issue is fixed in version 2.1.8. The Initial Description confirms the CSRF...

CVE-2023-26014 WordPress Minify HTML Plugin <= 2.1.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Tim Eckel Minify HTML plugin = 2.1.7 vulnerability...

PT-2023-20426 · Unknown · Tim Eckel Minify Html Plugin

Name of the Vulnerable Software and Affected Versions: Tim Eckel Minify HTML plugin versions = 2.1.7 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web...

Cross-site Scripting (XSS)

esdoc-publish-html-plugin is vulnerable to Cross-site Scripting XSS. The vulnerability exists because the markdown function in util.js does not properly remove HTML comments, allowing an attacker to inject and execute malicious HTML content such as through the tag parameter...