16 matches found
EUVD-2025-19548
Malicious code in bioql PyPI...
EUVD-2024-32540
Malicious code in bioql PyPI...
EUVD-2023-44054
Malicious code in bioql PyPI...
EUVD-2024-49774
Malicious code in bioql PyPI...
EUVD-2025-24196
Malicious code in bioql PyPI...
EUVD-2024-16469
Malicious code in bioql PyPI...
EUVD-2024-17579
Malicious code in bioql PyPI...
EUVD-2024-27404
Malicious code in bioql PyPI...
CVE-2025-5122
The Map Block Leaflet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2025-3794 WPForms Lite <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'start_timestamp' Parameter
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the starttimestamp parameter in all versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping...
CVE-2024-13674
The Cosmic Blocks 40+ Content Editor Blocks Collection plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cwpsocialshare' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2024-10147
CVE-2024-10147 (Steel WordPress plugin) is a stored XSS in the btn shortcode affecting all versions up to 1.3.0, caused by insufficient input sanitization and output escaping on user-supplied attributes. The vulnerability allows authenticated attackers with contributor-level access or higher to i...
CVE-2024-9292 Bridge Core <= 3.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Bridge Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formforall' shortcode in versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2024-8519 Ultimate Member <= 2.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'umloggedin' shortcode in all versions up to, and including, 2.8.6 due to insufficient input...
CVE-2024-6495 Premium Addons for Elementor <= 4.10.36 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Animated Text Widget
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text widget in all versions up to, and including, 4.10.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-2925
The CVE CVE-2024-2925 affects Beaver Builder – WordPress Page Builder (WordPress plugin) up to version 2.8.0.5. Root cause: insufficient input sanitization and output escaping on Button Widget attributes, enabling Stored Cross-Site Scripting. Impact: authenticated attackers with contributor-level...