WordPress NinjaTeam Header Footer Custom Code plugin <= 1.2 - Admin+ Stored XSS via CSS Styles vulnerability

Admin+ Stored XSS via CSS Styles vulnerability discovered by Bob Matyas in WordPress Plugin NinjaTeam Header Footer Custom Code versions = 1.2...

CVE-2025-66134

Missing Authorization vulnerability in NinjaTeam FileBird Pro filebird-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FileBird Pro: from n/a through = 6.5.1...

EUVD-2025-203576

Missing Authorization vulnerability in NinjaTeam FileBird Pro filebird-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FileBird Pro: from n/a through = 6.4.9...

CVE-2025-66134 WordPress FileBird Pro plugin <= 6.5.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in NinjaTeam FileBird Pro filebird-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FileBird Pro: from n/a through = 6.5.1...

EUVD-2024-43347

Malicious code in bioql PyPI...

EUVD-2025-3795

Malicious code in bioql PyPI...

EUVD-2024-26142

Malicious code in bioql PyPI...

EUVD-2024-42367

Malicious code in bioql PyPI...

EUVD-2025-16471

Malicious code in bioql PyPI...

EUVD-2023-56091

Malicious code in bioql PyPI...

CVE-2025-5236

The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-5236

The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-5236 NinjaTeam Chat for Telegram <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via username Parameter

The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-5236 NinjaTeam Chat for Telegram <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via username Parameter

The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-5236

The CVE concerns the NinjaTeam Chat for Telegram WordPress plugin (≤1.1). The root cause is insufficient input sanitization and output escaping for the username parameter, leading to Stored Cross-Site Scripting. Exploitation requires an authenticated attacker with Contributor-level access or high...

PT-2025-23269 · WordPress · Ninjateam Chat For Telegram

Name of the Vulnerable Software and Affected Versions: NinjaTeam Chat for Telegram plugin for WordPress versions up to, and including, 1.1 Description: The issue is related to Stored Cross-Site Scripting via the username parameter due to insufficient input sanitization and output escaping. This...

WordPress plugin NinjaTeam Chat for Telegram 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress NinjaTeam Chat for Telegram plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via username Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via username Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin NinjaTeam Chat for Telegram versions = 1.1...

CVE-2025-24591

Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR CCPA Compliance Support: from n/a through = 2.7.1...

CVE-2024-6493

The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...