7 matches found
WordPress plugin Gravity Forms 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
EUVD-2024-47653
Malicious code in bioql PyPI...
CVE-2025-24374
Twig is a PHP template engine. The vulnerability CVE-2025-24374 concerns missing output escaping for the left side of the null coalescing operator (??). The issue is fixed in Twig 3.19.0. Severity in CVSSv3.1 is MEDIUM (4.3), but the document notes no exploitation details. Connected sources (NVD/...
CVE-2024-11204
The CVE refers to WordPress plugin ForumWP (Forum & Discussion Board) with a Reflected Cross-Site Scripting vulnerability via the url parameter in all versions up to and including 2.1.2. Public details confirm the issue stems from insufficient input sanitization and output escaping, enabling unau...
CVE-2024-3916 Swift Framework <= 2.7.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes
The Swift Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 2.7.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
CVE-2024-4383
CVE-2024-4383 affects the WordPress plugin Simple Membership. The vulnerability is a Stored Cross-Site Scripting via the plugin’s swpm_paypal_subscription_cancel_link shortcode in all versions up to and including 4.4.5, caused by insufficient input sanitization and output escaping on user-supplie...
CVE-2024-2280 Better Elementor Addons <= 1.4.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via widget links
The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget link URL values in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...