14 matches found
CVE-2025-1406
The Newpost Catch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's npc shortcode in all versions up to, and including, 1.3.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
EUVD-2005-2005
Malware in sbrugna...
EUVD-2025-4547
Malicious code in bioql PyPI...
MAL-2025-17983 Malicious code in dasnoo-newpost (npm)
The package dasnoo-newpost was found to contain malicious code...
Malicious code in dasnoo-newpost (npm)
The package dasnoo-newpost was found to contain malicious code...
CVE-2025-1406
The Newpost Catch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's npc shortcode in all versions up to, and including, 1.3.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
CVE-2025-1406
The Newpost Catch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's npc shortcode in all versions up to, and including, 1.3.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
CVE-2025-1406 Newpost Catch <= 1.3.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via npc Shortcode
The Newpost Catch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's npc shortcode in all versions up to, and including, 1.3.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
CVE-2025-1406
The CVE-2025-1406 entry concerns the Newpost Catch WordPress plugin. It is vulnerable to Stored Cross-Site Scripting via the npc shortcode in all versions up to 1.3.19, caused by insufficient input sanitization and output escaping for user-supplied attributes. The impact is that an authenticated ...
WordPress plugin Newpost Catch 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...
WordPress Newpost Catch plugin <= 1.3.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via npc Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via npc Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Newpost Catch versions = 1.3.19...
CVE-2020-20189
SQL Injection vulnerability in NewPK 1.1 via the title parameter to admin\newpost.php...
CVE-2006-0851
SQL injection vulnerability in the forum module of ilchClan 1.05g and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, when creating a newpost...
CVE-2005-2004
Multiple cross-site scripting vulnerabilities in Ultimate PHP Board UPB 1.9.6 GOLD and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 ref parameter to login.php, 2 id or 3 page parameter to viewtopic.php, id parameter to 4 profile.php, 5 newpost.php, 6 email.php, ...