9 matches found
EUVD-2025-3197
Malicious code in bioql PyPI...
CVE-2025-23467
Cross-Site Request Forgery CSRF vulnerability in vimal.ghorecha RSS News Scroller rss-news-scroller allows Stored XSS.This issue affects RSS News Scroller: from n/a through = 2.0.0...
CVE-2025-23467
Cross-Site Request Forgery CSRF vulnerability in vimal.ghorecha RSS News Scroller rss-news-scroller allows Stored XSS.This issue affects RSS News Scroller: from n/a through = 2.0.0...
CVE-2025-23467 WordPress RSS News Scroller plugin <= 2.0.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in vimal.ghorecha RSS News Scroller rss-news-scroller allows Stored XSS.This issue affects RSS News Scroller: from n/a through = 2.0.0...
CVE-2025-23467 WordPress RSS News Scroller plugin <= 2.0.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in Vimal Ghorecha RSS News Scroller allows Stored XSS.This issue affects RSS News Scroller: from n/a through 2.0.0...
CVE-2025-23467
CVE-2025-23467 is a CSRF-enabled Stored XSS vulnerability in the WordPress RSS News Scroller plugin, affecting versions up to 2.0.0 (no fixed version details provided in the documents). The CVE entry is corroborated by Red Hat and Wordfence sources; CVSS v3.1 base score 7.1 (HIGH). No explicit re...
WordPress RSS News Scroller plugin <= 2.0.0 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin RSS News Scroller versions = 2.0.0...
PT-2025-4894 · Unknown · Vimal Ghorecha Rss News Scroller
Name of the Vulnerable Software and Affected Versions: Vimal Ghorecha RSS News Scroller versions prior to 2.0.0 Description: The issue is related to a Cross-Site Request Forgery CSRF problem that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a we...
Vertical News Scroller < 1.17 - Authenticated Reflected Cross-Site Scripting (XSS)
The plugin attempted to fix a reflected Cross-Site Scripting in v1.10, however the changes were insufficient, as sanitizetextfield was used, but output in an attribute without being escaped. For versions 1.17:...