99 matches found
CVE-2026-7509
The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's the-subtitle shortcode before and after attributes in all versions up to, and including, 4.0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...
EUVD-2026-31406
The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's the-subtitle shortcode before and after attributes in all versions up to, and including, 4.0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2026-7509 KIA Subtitle <= 4.0.1 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')]
The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's the-subtitle shortcode before and after attributes in all versions up to, and including, 4.0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2026-7509 KIA Subtitle <= 4.0.1 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')]
The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's the-subtitle shortcode before and after attributes in all versions up to, and including, 4.0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2026-7509
The CVE-2026-7509 affects the WordPress KIA Subtitle plugin (
WordPress plugin KIA Subtitle 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2022-37418
The Remote Keyless Entry RKE receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive valid key fob signals over the radio, aka a RollBack attack. The attacker retain...
EUVD-2025-140572
Malicious code in kupaio-kia-jakafafswofoai npm...
EUVD-2025-140576
Malicious code in kupaio-kia-jakaaopoai npm...
EUVD-2025-140565
Malicious code in kupaio-kia-jakaopoai npm...
EUVD-2025-140564
Malicious code in kupaio-kia-jakasfoai npm...
EUVD-2025-140566
Malicious code in kupaio-kia-jakaooai npm...
EUVD-2025-140648
Malicious code in ksai-kia-a npm...
EUVD-2025-140574
Malicious code in kupaio-kia-jakafafswafofoai npm...
EUVD-2025-140569
Malicious code in kupaio-kia-jakaiaolapoai npm...
EUVD-2025-140575
Malicious code in kupaio-kia-jakafafsfoai npm...
EUVD-2025-140571
Malicious code in kupaio-kia-jakafasfoai npm...
EUVD-2025-140568
Malicious code in kupaio-kia-jakaiaopoai npm...
EUVD-2025-140570
Malicious code in kupaio-kia-jakafoai npm...
Malicious code in kupaio-kia-jakaoai (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 556183d340bc260eb89c2540197dbda9dfbd40f6b7e5b79cf8761de33c6aa9a5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...