95 matches found
PT-2025-46259
Name of the Vulnerable Software and Affected Versions Precise Columns versions prior to 1.1 Description The Precise Columns plugin for WordPress is susceptible to Stored Cross-Site Scripting through the wrap id shortcode attribute. The plugin does not properly sanitize user input or escape output...
CVE-2025-11811 Simple Youtube Shortcode <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Simple Youtube Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedyoutube' shortcode in all versions up to, and including, 1.1.3. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...
CVE-2025-11811 Simple Youtube Shortcode <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Simple Youtube Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedyoutube' shortcode in all versions up to, and including, 1.1.3. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...
EUVD-2025-35323
The Simple Youtube Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedyoutube' shortcode in all versions up to, and including, 1.1.3. This is due to insufficient input sanitization and output escaping on the 'id' attribute. This makes it possible for...
EUVD-2025-35322
The JB News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'jbticker' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
EUVD-2017-17755
Malware in sbrugna...
SUSE CVE-2025-9943
An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...
libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...
LDAP Injection
Mattermost is vulnerable to LDAP Injection. The vulnerability is due to improper validation due to failure to sanitize LDAP group ID attributes in the /api/v4/ldap/groups/remoteid/link API when objectGUID is used as the Group ID Attribute...
Mattermost allows authenticated administrator to execute LDAP search filter injection
Mattermost versions 10.7.x = 10.7.1, 10.6.x = 10.6.3, 10.5.x = 10.5.4, 9.11.x = 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execute LDAP search filter injection via the PUT...
GHSA-4R67-4X4P-FPRG Mattermost allows authenticated administrator to execute LDAP search filter injection
Mattermost versions 10.7.x = 10.7.1, 10.6.x = 10.6.3, 10.5.x = 10.5.4, 9.11.x = 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execute LDAP search filter injection via the PUT...
CVE-2025-4573
Mattermost LDAP issue (CVE-2025-4573): 10.5.x–10.7.x and 9.11.x up to 9.11.13 fail to validate LDAP group ID attributes. An authenticated administrator with PermissionSysconsoleWriteUserManagementGroups can trigger LDAP search filter injection via PUT /api/v4/ldap/groups/{remote_id}/link when obj...
BIT-JOOMLA-2024-40748 [20250102] - Core - XSS vector in the id attribute of menu lists
Lack of output escaping in the id attribute of menu lists...
CVE-2023-5048
The WDContactFormBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ContactFormBuilder' shortcode in versions up to, and including, 1.0.72 due to insufficient input sanitization and output escaping on 'id' user supplied attribute. This makes it possible for...
WordPress plugin Simple Signup Form SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
CVE-2024-40748 [20250102] - Core - XSS vector in the id attribute of menu lists
Lack of output escaping in the id attribute of menu lists...
PT-2025-2598 · Joomla +2 · Joomla! +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a lack of output escaping in the id attribute of menu lists. This could potentially lead to issues where user input is not...
PT-2024-39393 · WordPress · The Curator.Io
Name of the Vulnerable Software and Affected Versions: The Curator.io: Show all your social media posts in a beautiful feed. plugin for WordPress versions up to, and including, 1.9 Description: The issue is related to Stored Cross-Site Scripting via the feed id attribute due to insufficient input...
PT-2024-30637 · WordPress · The Master Slider
Name of the Vulnerable Software and Affected Versions: The Master Slider – Responsive Touch Slider plugin for WordPress versions up to, and including, 3.9.10 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'ms layer' shortcode due to insufficient input sanitizati...
CVE-2024-5640
The Prime Slider – Addons For Elementor Revolution of a slider, Hero Slider, Ecommerce Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and...