7 matches found
EUVD-2024-16379
Malicious code in bioql PyPI...
CVE-2024-6520
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom error message in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes ...
CVE-2023-6986
The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embedoembedhtml shortcode in all versions up to 3.9.5 exclusive due to insufficient inpu...
CVE-2023-3136
The MailArchiver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...
CVE-2025-3868
CVE-2025-3868 affects the WordPress plugin Custom Admin-Bar Favorites (versions up to 0.1). It is a Reflected Cross-Site Scripting vulnerability via the menuObject parameter caused by insufficient input sanitization/output escaping. Impact: unauthenticated attackers can inject scripts in ...
CVE-2024-13509
CVE-2024-13509 affects the WS Form LITE (and WS Form Pro) WordPress plugin. It is an unauthenticated Stored Cross-Site Scripting flaw in the url parameter present in all versions up to 1.10.13. The issue arises from insufficient input sanitization and output escaping, allowing an attacker to inje...
PT-2023-31782 · WordPress · Tcd Google Maps Plugin
Name of the Vulnerable Software and Affected Versions: TCD Google Maps plugin for WordPress versions up to, and including, 1.8. Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the 'map' shortcode, allowing authenticated attacker...