EUVD-2025-19193

Malicious code in bioql PyPI...

CVE-2025-58232 WordPress Image Editor by Pixo Plugin <= 2.3.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ickata Image Editor by Pixo image-editor-by-pixo allows DOM-Based XSS.This issue affects Image Editor by Pixo: from n/a through = 2.3.8...

CVE-2025-58232

CVE-2025-58232 affects Image Editor by Pixo (WordPress plugin). The entry documents a DOM/Stored XSS vector in the Editor component, arising from Improper Neutralization of Input During Web Page Generation. Affected version:

CVE-2025-5588

The Image Editor by Pixo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘download’ parameter in all versions up to, and including, 2.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leve...

WordPress Image Editor by Pixo plugin <= 2.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via download Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via download Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Image Editor by Pixo versions = 2.3.6...