15 matches found
EUVD-2018-21752
MyBB Last User's Threads in Profile Plugin 1.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by crafting thread subjects with script tags. Attackers can create threads with script payloads in the subject field that execute when users...
CVE-2026-3347
The CVE-2026-3347 entry concerns the WordPress plugin Multi Functional Flexi Lightbox. Affected versions are all up to and including 1.2, with a Stored Cross-Site Scripting (Stored XSS) vulnerability in the field arv_lb[message]. The root cause is a sanitize callback, arv_lb_options_val(), that ...
CVE-2025-14395 Popover Windows <= 1.2 - Missing Authorization to Authenticated (Subscriber+) Popover Configuration Update via AJAX Actions
The Popover Windows plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX actions (e.g., popsubmit, popthemesubmit) in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with subscriber-lev...
CVE-2025-60132 WordPress Video Blogster Lite Plugin <= 1.2 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in johnh10 Video Blogster Lite (video-blogster-lite) allows Stored XSS. This issue affects Video Blogster Lite: from n/a through <= 1.2...
EUVD-2023-46341
Malicious code in bioql PyPI...
EUVD-2023-41797
Malicious code in bioql PyPI...
CVE-2025-58839 WordPress eDS Responsive Menu Plugin <= 1.2 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in aThemeArt Translations eDS Responsive Menu (eds-responsive-menu) allows Object Injection. This issue affects eDS Responsive Menu: from n/a through <= 1.2...
WordPress plugin Easy Download Media Counter Cross Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
CVE-2023-28419
Cross-Site Request Forgery (CSRF) vulnerability in Stranger Studios Force First and Last Name as Display Name plugin = 1.2 versions...
WordPress Wp-Scribd-List plugin <= 1.2 - CSRF to XSS vulnerability
CSRF to XSS vulnerability discovered by Joshua Chan in WordPress Plugin Wp-Scribd-List versions <= 1.2...
PT-2022-22344 · Jenkins · Jenkins Recipe Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Recipe Plugin version 1.2 and earlier Description: A cross-site request forgery issue allows attackers to send an HTTP request to a specified URL and parse the response as XML. Recommendations: For Jenkins Recipe Plugin version 1.2 an...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an open source application plugin for WordPress. The WordPress plugin WP Design Maps & Places...
CloudBees Jenkins chosen-views-tabbar Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and to run some scheduled tasks. A cross-site scripting...
WordPress accurate-form-data-real-time-form-validation plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers running PHP and MySQL. accurate-form-data-real-time-form-validation is a real-time form data validation plugin. A cross-site request...
WordPress Ebook Download Plugin Directory Traversal Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:wordpress:wordpress"; if(description)...