127 matches found
EUVD-2023-54727
Malicious code in bioql PyPI...
EUVD-2022-34454
Malicious code in bioql PyPI...
EUVD-2023-26823
Malicious code in bioql PyPI...
EUVD-2023-26849
Malicious code in bioql PyPI...
EUVD-2023-50057
Malicious code in bioql PyPI...
CVE-2025-6189
The Duplicate Page and Post plugin for WordPress is vulnerable to time-based SQL Injection via the ‘metakey’ parameter in all versions up to, and including, 2.9.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...
WordPress plugin WP Links Page SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WP Links...
CVE-2025-6681
The Fan Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-6681 Fan Page <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter
The Fan Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
WordPress plugin Fan Page 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-31183 · WordPress · Fan Page
Name of the Vulnerable Software and Affected Versions: Fan Page plugin for WordPress versions up to and including 1.0.1 Description: The plugin is susceptible to Stored Cross-Site Scripting through the width parameter due to inadequate input sanitization and output escaping. This allows...
CVE-2023-25063
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Anadnet Quick Page/Post Redirect Plugin plugin = 5.2.3 versions...
CVE-2023-22720
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Robert Macchi WP Links Page plugin = 4.9.3 versions...
CVE-2023-5199
The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to include local file and potentially execute cod...
CVE-2022-4675
The Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2022-2093
The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2021-25075
The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevartduplicatepostparametrssaveindb AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings, or perform such attack...
CVE-2015-1580
Multiple cross-site request forgery CSRF vulnerabilities in the Redirection Page plugin 1.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings or conduct cross-site scripting XSS attacks via the 2 source or 3 redir...
CVE-2015-10119
A vulnerability, which was classified as problematic, has been found in View All Posts Page Plugin up to 0.9.0 on WordPress. This issue affects the function actionadminnoticesactivation of the file view-all-posts-pages.php. The manipulation leads to cross site scripting. The attack may be initiat...
CVE-2025-39369 WordPress Posts for Page plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sihibbs Posts for Page allows DOM-Based XSS.This issue affects Posts for Page: from n/a through 2.1...