6 matches found
CVE-2024-2119
The LuckyWP Table of Contents plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the attrs parameter in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...
EUVD-2024-27894
Malicious code in bioql PyPI...
EUVD-2023-58718
Malicious code in bioql PyPI...
CVE-2024-2953
The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Contributor permissio...
CVE-2024-9641 LuckyWP Table of Contents < 2.1.7 - Admin+ Stored XSS
The LuckyWP Table of Contents WordPress plugin before 2.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-2119
CVE-2024-2119 describes a Reflected XSS in the LuckyWP Table of Contents WordPress plugin. The vulnerability exists in the attrs parameter and affects all versions up to and including 2.1.4 due to insufficient input sanitization and output escaping. This can allow unauthenticated attackers to inj...