60 matches found
EUVD-2024-34171
Malicious code in bioql PyPI...
EUVD-2025-15261
Malicious code in bioql PyPI...
EUVD-2024-32855
Malicious code in bioql PyPI...
EUVD-2024-49371
Malicious code in bioql PyPI...
EUVD-2024-37584
Malicious code in bioql PyPI...
EUVD-2024-32859
Malicious code in bioql PyPI...
EUVD-2025-7370
Malicious code in bioql PyPI...
CVE-2025-54052
Cross-Site Request Forgery CSRF vulnerability in Realtyna Realtyna Organic IDX plugin real-estate-listing-realtyna-wpl allows PHP Local File Inclusion.This issue affects Realtyna Organic IDX plugin: from n/a through = 5.0.0...
WordPress plugin Realtyna Organic IDX plugin 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-10003
The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-10552
The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘apikey’ and 'apisecret' parameters in all versions up to, and including, 3.14.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-8719
The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters like 'MaxBeds' and 'MinBeds' in all versions up to, and including, 3.14.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2024-7769 Wordpress Clicksold IDX Plugin <= 1.90 - Admin+ XSS
The ClickSold IDX WordPress plugin through 1.90 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-7769 Wordpress Clicksold IDX Plugin <= 1.90 - Admin+ XSS
The ClickSold IDX WordPress plugin through 1.90 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
PT-2025-21504 · WordPress · Clicksold Idx Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: ClickSold IDX WordPress plugin versions 1.90 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise and...
CVE-2025-0863
The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'idxframe' shortcode in all versions up to, and including, 3.14.27 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-0863 Flexmls® IDX <= 3.14.27 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'idxframe' shortcode in all versions up to, and including, 3.14.27 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-0863
The CVE-2025-0863 entry concerns the Flexmls IDX Plugin for WordPress. It describes a Stored Cross-Site Scripting vulnerability in the idx_frame shortcode present in all versions up to 3.14.27, caused by insufficient input sanitization and output escaping of user-supplied attributes. Exploitation...
CVE-2024-32128
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Realtyna Realtyna Organic IDX plugin.This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.4...
WordPress Flexmls® IDX Plugin plugin <= 3.14.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via API parameters vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via API parameters vulnerability discovered by 1337Wannabe in WordPress Plugin Flexmls® IDX versions = 3.14.26...