CVE-2026-27429

Unauthenticated PHP Object Injection in Nifty = 1.4.1 versions...

CVE-2026-27429 WordPress Nifty theme <= 1.4.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Nifty = 1.4.1 versions...

CVE-2026-27429

CVE-2026-27429 concerns the WordPress Nifty theme (versions

WordPress Nifty theme <= 1.4.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds in WordPress Theme Nifty versions = 1.4.1...

CVE-2025-52763

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NickDuncan Nifty Backups nifty-backups allows Reflected XSS.This issue affects Nifty Backups: from n/a through = 1.08...

EUVD-2025-35475

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NickDuncan Nifty Backups nifty-backups allows Reflected XSS.This issue affects Nifty Backups: from n/a through = 1.08...

CVE-2025-52763

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NickDuncan Nifty Backups nifty-backups allows Reflected XSS.This issue affects Nifty Backups: from n/a through = 1.08...

CVE-2025-52763 WordPress Nifty Backups plugin <= 1.08 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NickDuncan Nifty Backups nifty-backups allows Reflected XSS.This issue affects Nifty Backups: from n/a through = 1.08...

CVE-2025-52763

The CVE-2025-52763 entry concerns the NickDuncan Nifty Backups WordPress plugin (

CVE-2025-52763 WordPress Nifty Backups plugin <= 1.08 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NickDuncan Nifty Backups nifty-backups allows Reflected XSS.This issue affects Nifty Backups: from n/a through = 1.08...

PT-2025-43247

Name of the Vulnerable Software and Affected Versions NickDuncan Nifty Backups versions through 1.08 Description The software contains a flaw related to improper input handling during web page generation, specifically a Reflected Cross-Site Scripting issue. This allows for the injection of...

WordPress plugin Nifty Backups 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

EUVD-2021-21284

Malware in sbrugna...

EUVD-2020-18679

Malware in sbrugna...

WordPress Nifty Backups plugin <= 1.08 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Nifty Backups versions = 1.08...

CVE-2020-25071

Nifty Project Management Web Application 2020-08-26 allows XSS, via Add Task, that is rendered upon a Project Home visit. Note: It has been argued that this is not reproducible. "The original issue was that the task would be created and an alert would be shown on the screen. Now the task would be...

CVE-2020-26049

Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution...

Malicious code in nifty-cli (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4b2e94e5fff47d4815f87f6dc9ba29b20022d6022c37e0b32ba9e3df81111eb5 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2025-2979 Malicious code in nifty-cli (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4b2e94e5fff47d4815f87f6dc9ba29b20022d6022c37e0b32ba9e3df81111eb5 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

WordPress Nifty Newsletters plugin cross-site request forgery vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in WordPress Nifty Newsletters plugin 4.0.23 and earlier...