1404 matches found
WordPress plugin Rank Math SEO cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-6536 · WordPress · Rank Math Seo
Name of the Vulnerable Software and Affected Versions: Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress versions up to, and including, 1.0.235 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Rank Math API due to insufficient input...
WordPress Rank Math SEO plugin <= 1.0.235 - Authenticated (Contributor+) Stored Cross-Site Scripting via Rank Math API vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Rank Math API vulnerability discovered by Webbernaut in WordPress Plugin Rank Math SEO versions <= 1.0.235...
CVE-2024-9314
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted input 'setredirections' function. This makes it possible for authenticated attackers, with...
CVE-2024-11620
Improper Control of Generation of Code 'Code Injection' vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Code Injection. This issue affects Rank Math SEO: from n/a through = 1.0.231...
Malicious code in prime-math (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-952 Malicious code in prime-math (PyPI)
--- -= Per source details. Do not edit below this line.=-...
ambientagi (>=0.1.1 <=0.2.12), dataflex (=1.0.0) +10 more potentially affected by unknown CVE via gradio (>=5.0.0 <=5.12.0)
gradio PYPI version =5.0.0, =0.1.1, =1.0.1, =0.0.2, =1.1.8b3, =2025.1.24, =0.3.0, =0.0.1, =0.0.5, =0.9.1, =0.9.5 Source cves: unknown CVE Source advisory: SNYK:PYTHON-GRADIO-8685062...
GHSA-C76H-2CCP-4975 Use of Insufficiently Random Values in undici
Impact Undici fetch uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled websit...
ALPINE-CVE-2025-22150
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...
ambientagi (>=0.1.1 <=0.2.12), deepchopper (>=1.0.1 <=1.3.1) +3 more potentially affected by CVE-2025-23042 via gradio (>=5.0.0 <=5.10.0)
gradio PYPI version =5.0.0, =0.1.1, =1.0.1, =1.1.8b3, =0.3.0, =0.6.3 - vuln-demo-math-ops =1.0.0 Source cves: CVE-2025-23042 Source advisory: SNYK:PYTHON-GRADIO-8623546...
Internet Bug Bounty: #2931639 ActionView sanitize helper bypass with math-related tags
There is a vulnerability in Rails-HTML-Sanitizer 1.6.0, which is also used by Rails ActionView. The vulnerability allows for bypassing the sanitization process when certain math-related tags, such as "math", "mtext", "table", "style", and "mglyph" or "malignmark", are allowed. This could lead to...
CLSA-2024-1734027856 nettle: Fix of CVE-2018-16869
Port side-channel silent functions from 3.4.1. Partially fix for CVE-2018-16869 - CVE-2018-16869: Add side-channel silent memory, math, PKCS1, RSA functions - Added tests for side-channel silent implementations...
SUSE CVE-2024-53987
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...
CVE-2024-53986
A cross-site scripting XSS vulnerability was found in certain configurations of rails-html-sanitizer. This issue may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "math" and "style" elements...
CVE-2024-53986
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...
CVE-2024-53985
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0 and Nokogiri 1.15.7, or 1.16.x 1.16.8. The XSS vulnerability with certain...
CVE-2024-53987
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...
UBUNTU-CVE-2024-53985
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0 and Nokogiri 1.15.7, or 1.16.x 1.16.8. The XSS vulnerability with certain...
UBUNTU-CVE-2024-53987
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...