EUVD-2025-26177

Malicious code in bioql PyPI...

WordPress List Subpages plugin cross-site scripting vulnerability

ordPress List Subpages plugin is a plugin used to display the current page page , support for generating sub-page lists and short codes , can be dynamically generated to contain the parameters of the short code . WordPress List Subpages plugin has a cross-site scripting vulnerability that stems...

CVE-2025-8290

The List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access a...

CVE-2025-8290 List Subpages <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Parameter

The List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access a...

CVE-2025-8290

CVE-2025-8290 affects the WordPress plugin List Sub Pages (List Subpages) up to version 1.0.6. The vulnerability is a Stored Cross-Site Scripting flaw in the title parameter caused by insufficient input sanitization and output escaping, allowing authenticated attackers with at least Contributor-l...

WordPress plugin List Subpages 跨站脚本漏洞

ordPress List Subpages plugin is a plugin used to display the current page page , support for generating sub-page lists and short codes , can be dynamically generated to contain the parameters of the short code . WordPress List Subpages plugin has a cross-site scripting vulnerability that stems...

PT-2025-35188

Name of the Vulnerable Software and Affected Versions: The List Subpages plugin for WordPress versions up to and including 1.0.6 Description: The List Subpages plugin for WordPress is susceptible to Stored Cross-Site Scripting through the title parameter. Insufficient input sanitization and outpu...

CVE-2025-4220

The Xavin's List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xls' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-4220

The Xavins List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xls' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-4220 Xavin's List Subpages <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Xavins List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xls' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-4220 Xavin's List Subpages <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Xavins List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xls' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-4220

CVE-2025-4220 affects the WordPress plugin Xavin’s List Subpages. The issue is a Stored Cross-Site Scripting via the plugin’s 'xls' shortcode caused by insufficient input sanitization and output escaping of user-supplied attributes. Attack requires authenticated access at contributor level or hig...

PT-2025-19922 · WordPress · Xavin'S List Subpages

Name of the Vulnerable Software and Affected Versions: Xavin's List Subpages plugin for WordPress versions up to and including 1.3 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the 'xls' shortcode. This allows authenticated...

WordPress Xavin's List Subpages plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang in WordPress Plugin Xavin's List Subpages versions = 1.3...

WordPress plugin Xavins List Subpages 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...