61 matches found
WordPress IRM Newsroom plugin <= 1.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'irmeventlist' Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'irmeventlist' Shortcode vulnerability discovered by Chuck - None in WordPress Plugin IRM Newsroom versions = 1.2.19...
WordPress IRM Newsroom plugin <= 1.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'irmcalendarview' Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'irmcalendarview' Shortcode vulnerability discovered by Chuck - None in WordPress Plugin IRM Newsroom versions = 1.2.19...
EUVD-2025-18241
Malicious code in bioql PyPI...
EUVD-2025-18239
Malicious code in bioql PyPI...
EUVD-2025-18233
Malicious code in bioql PyPI...
CVE-2025-4586
The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmcalendarview' shortcode in all versions up to, and including, 1.2.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-4585
The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmflat' shortcode in all versions up to, and including, 1.2.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-4584
The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmeventlist' shortcode in all versions up to, and including, 1.2.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
WordPress IRM Newsroom plugin <= 1.2.19 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Chuck in WordPress Plugin IRM Newsroom versions = 1.2.19...
CVE-2025-4585
The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmflat' shortcode in all versions up to, and including, 1.2.17 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-4584
The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmeventlist' shortcode in all versions up to, and including, 1.2.17 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
CVE-2025-4586
The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmcalendarview' shortcode in all versions up to, and including, 1.2.17 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-4585
The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmflat' shortcode in all versions up to, and including, 1.2.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-4586 IRM Newsroom <= 1.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'irmcalendarview' Shortcode
The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmcalendarview' shortcode in all versions up to, and including, 1.2.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-4586
CVE-2025-4586 affects the WordPress plugin IRM Newsroom (WordPress) up to version 1.2.17; the vulnerability is a stored XSS via the irmcalendarview shortcode due to insufficient input sanitization and output escaping. Exploitation requires an authenticated attacker with contributor-level access o...
CVE-2025-4584 IRM Newsroom <= 1.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'irmeventlist' Shortcode
The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmeventlist' shortcode in all versions up to, and including, 1.2.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
CVE-2025-4584 IRM Newsroom <= 1.2.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'irmeventlist' Shortcode
The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmeventlist' shortcode in all versions up to, and including, 1.2.17 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
CVE-2025-4584
The CVE-2025-4584 affects the WordPress IRM Newsroom plugin up to version 1.2.17, where an authenticated Contributor+ can exploit the irmeventlist shortcode to perform Stored XSS due to insufficient input sanitization and output escaping. Public references indicate patched status varies; PatchSta...
CVE-2025-4585 IRM Newsroom <= 1.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'irmflat' Shortcode
The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmflat' shortcode in all versions up to, and including, 1.2.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-4585 IRM Newsroom <= 1.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'irmflat' Shortcode
The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmflat' shortcode in all versions up to, and including, 1.2.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...