15 matches found
EUVD-2025-16471
Malicious code in bioql PyPI...
CVE-2025-5236
The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-5236
The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-5236 NinjaTeam Chat for Telegram <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via username Parameter
The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-5236 NinjaTeam Chat for Telegram <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via username Parameter
The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-5236
The CVE concerns the NinjaTeam Chat for Telegram WordPress plugin (≤1.1). The root cause is insufficient input sanitization and output escaping for the username parameter, leading to Stored Cross-Site Scripting. Exploitation requires an authenticated attacker with Contributor-level access or high...
PT-2025-23269 · WordPress · Ninjateam Chat For Telegram
Name of the Vulnerable Software and Affected Versions: NinjaTeam Chat for Telegram plugin for WordPress versions up to, and including, 1.1 Description: The issue is related to Stored Cross-Site Scripting via the username parameter due to insufficient input sanitization and output escaping. This...
WordPress plugin NinjaTeam Chat for Telegram 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress NinjaTeam Chat for Telegram plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via username Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via username Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin NinjaTeam Chat for Telegram versions = 1.1...
CVE-2024-11885
The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'njtelebutton shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-11885
The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'njtelebutton shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-11885 NinjaTeam Chat for Telegram <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'njtelebutton shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-11885 NinjaTeam Chat for Telegram <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'njtelebutton shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-11885
CVE-2024-11885 affects NinjaTeam Chat for Telegram plugin for WordPress. It is a stored cross-site scripting (XSS) in the njtele_button shortcode caused by insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requires authenticated access at Contributor le...
WordPress NinjaTeam Chat for Telegram plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin NinjaTeam Chat for Telegram versions = 1.0...