
6 matches found

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-24082

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 7 · EPSS 0.04871
Exploits: 3 · References: 2

OSV
added 2023/01/23 3:15 p.m. · 0 views

CVE-2021-24837

The Passster WordPress plugin before 3.5.5.8 does not escape the area parameter of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

CVSS 5.4 · AI score 5.8 · EPSS 0.00181
Exploits: 1 · References: 1

Positive Technologies
added 2022/12/26 12:0 a.m. · 5 views

PT-2022-25944 · WordPress · Contest Gallery Pro +1

Name of the Vulnerable Software and Affected Versions:
Contest Gallery WordPress plugin versions prior to 19.1.5.1
Contest Gallery Pro WordPress plugin versions prior to 19.1.5.1

Description: The issue arises from the failure to escape the cg option id POST parameter before it is concatenated to ...

CVSS 4.9 · AI score 5.1 · EPSS 0.00818
Exploits: 2 · References: 6

Prion
added 2022/11/28 2:15 p.m. · 12 views

SQL injection

The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...

CVSS 6.5 · AI score 8.9 · EPSS 0.00531
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2022/09/16 9:15 a.m. · 1 views

CVE-2022-2654

The Classima WordPress theme before 2.1.11 and some of its required plugins Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10 do not escape a parameter before outputting it back in attributes,...

CVSS 6.1 · AI score 5.8
Exploits: 0 · References: 1

Atlassian
added 2007/09/25 9:12 p.m. · 13 views

Cross-site scripting vulnerability in 500page.jsp

The test successfully embedded a script in the response, which will be executed once the page is loaded in the user's browser. This means that the application is vulnerable to the Cross-Site Scripting attack. The file 500page.jsp should escape the attributes and parameters to prevent code...

AI score 1.3
Exploits: 0