11 matches found
EUVD-2025-25074
Malicious code in bioql PyPI...
PT-2025-32622 · WordPress · Simple Responsive Slider
Name of the Vulnerable Software and Affected Versions: Simple Responsive Slider versions prior to 2.0 Description: The Simple Responsive Slider plugin for WordPress is susceptible to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated...
CVE-2024-10484 Spectra – WordPress Gutenberg Blocks <= 2.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Widget
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Team' widget in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-9127 Super Testimonials <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via alignment Parameter
The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alignment’ parameter in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2024-5964
CVE-2024-5964 (Zenon Lite theme) : WordPress Zenon Lite theme versions up to and including 1.9 are vulnerable to a stored XSS via the url parameter in the Button shortcode, caused by insufficient input sanitization and output escaping. Exploitation requires authentication at Contributor level or ...
CVE-2024-5788
The Silesia theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ attribute within the theme's Button shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
CVE-2024-1399 Restaurant Menu and Food Ordering <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
CVE-2024-2328 Real Media Library <= 4.22.11 - Authenticated (Author+) Stored Cross-Site Scripting
The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image title and alt text in all versions up to, and including, 4.22.11 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2023-6488 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'subutton', 'sumembers', and 'sutabs' shortcodes in all versions up to, and including, 7.0.0 due to insufficient input sanitization and output escaping on user supplie...
Cross site scripting
The Bitly's plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpbitly' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
CVE-2023-2169 TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting
The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to...