57 matches found
PT-2026-4589
Name of the Vulnerable Software and Affected Versions: Allow HTML in Category Descriptions plugin for WordPress (affected versions not specified) Description: The “Allow HTML in Category Descriptions” plugin for WordPress has a flaw where it incorrectly removes security checks on input data...
EUVD-2010-4502
Malware in sbrugna...
EUVD-2010-1643
Malware in sbrugna...
EUVD-2022-5304
Malicious code in bioql PyPI...
EUVD-2022-2179
Malicious code in bioql PyPI...
PT-2024-39475 · Sendpulse · Sendpulse Free Web Push
Name of the Vulnerable Software and Affected Versions: SendPulse Free Web Push plugin for WordPress versions up to, and including, 1.3.6 Description: The issue is related to Stored Cross-Site Scripting due to the incorrect use of the wp_kses_allowed_html function. This allows unauthenticated...
CVE-2024-8861
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.9.3.2 due to incorrect use of the wp_kses_allowed_html function, which allows the 'onclick' attribute for certain HTML elements without...
WordPress Multiple Vulnerabilities (May 2023) - Windows
WordPress is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:wordpress:wordpress"; ifdescripti...
SUSE CVE-2008-1502
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols...
SUSE CVE-2010-1619
Cross-site scripting (XSS) vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library (weblib.php), as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities...
SUSE CVE-2010-2230
The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input...
Moodle vulnerable to Cross-site Scripting
Cross-site scripting (XSS) vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library (weblib.php), as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities...
Moodle Cross-site Scripting vulnerability in the KSES text cleaning filter
The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input...
GHSA-3GM8-32VV-Q8MP Moodle Cross-site Scripting vulnerability in the KSES text cleaning filter
The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input...
GHSA-V759-3WR5-P294 Moodle vulnerable to Cross-site scripting
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols...
Moodle vulnerable to Cross-site scripting
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols...
WordPress (5.9-5.9.1) / Gutenberg (9.8.0-12.7.1) - Contributor+ Stored Cross-Site Scripting
Description: Post authors are able to bypass KSES restrictions in WordPress >= 5.9 (and/or Gutenberg >= 9.8.0) due to the order in which filters are executed, which could allow them to perform Stored Cross-Site Scripting attacks. PoC: As a user without the UNFILTERED_HTML capability, create a post containing t...
DEBIAN-CVE-2019-20041
wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript substring...
WordPress Input Validation Error Vulnerability (CNVD-2020-03945)
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the 'wp_kses_bad_protocol' function in the wp-includes/kses.php file in...
WordPress vulnerability analysis: CVE-2015-5714 & CVE-2015-5715 - the vulnerability warning - the black bar safety net
Recently, WordPress released a new version, 4.3.1, which fixes a few serious security issues, including a cross-site scripting vulnerability (CVE-2015-5714) and a privilege escalation vulnerability (CVE-2015-5715) filed by Check Point. At the beginning of August, Check Point, in...