EUVD-2023-51633

Malicious code in bioql PyPI...

CVE-2023-47522

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Photo Feed plugin = 2.2.1 versions...

CVE-2025-27000 WordPress Simple Photo Feed Plugin <= 1.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in George Pattichis Simple Photo Feed simple-photo-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Photo Feed: from n/a through = 1.4.0...

CVE-2023-47522

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Photo Feed plugin = 2.2.1 versions...

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Photo Feed plugin = 2.2.1 versions...

CVE-2023-47522 WordPress Photo Feed Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Photo Feed plugin = 2.2.1 versions...

CVE-2023-47522

CVE-2023-47522 is a reflected, unauthenticated XSS vulnerability in the Photo Feed WordPress plugin prior to version 2.2.1. The issue is triggered via the pf-gid parameter, enabling attacker-controlled script execution in a victim’s browser. Affected software: Photo Feed plugin

CVE-2023-47522 WordPress Photo Feed Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Photo Feed plugin = 2.2.1 versions...

PT-2023-30483 · Unknown · Photo Feed

Name of the Vulnerable Software and Affected Versions: Photo Feed plugin versions prior to 2.2.1 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into the website, potentially allowing them t...

WordPress Photo Feed Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Photo Feed Type Plugin Vulnerable versions = 2.2.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-47522 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c41c9fcd587f Credits Le Ngoc Anh Required...

CVE-2023-5082

The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it...

CVE-2023-5082 History Log by click5 < 1.0.13 - Admin+ Time-Based Blind SQL Injection

The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it...