24 matches found
EUVD-2025-28178
Malicious code in bioql PyPI...
CVE-2025-48259
Cross-Site Request Forgery (CSRF) vulnerability in Juan Carlos WP Mapa Politico España wp-mapa-politico-spain allows Cross Site Request Forgery. This issue affects WP Mapa Politico España: from n/a through <= 3.8.0...
CVE-2025-48259 WordPress WP Mapa Politico España plugin <= 3.8.0 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Juan Carlos WP Mapa Politico España allows Cross Site Request Forgery. This issue affects WP Mapa Politico España: from n/a through 3.8.0...
WordPress plugin WP Mapa Politico España cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A cross-site request forge...
PT-2025-21971 · WordPress · Wp Mapa Politico Espana
Name of the Vulnerable Software and Affected Versions: WP Mapa Politico España versions 3.8.0 and earlier
Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account.
Recommendations: For WP Mapa Politico...
dossierpolitico.com Cross Site Scripting vulnerability OBB-3900986
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Google and Microsoft accused of feeding smaller search engines spam ads
Google and Microsoft appear to have been flooding their smaller search engine rivals with spam ads, to limit the number of higher-value ads that appear on them, according to data viewed by POLITICO. Ads are considered "spam" if they appear in search results but have little to no relevance to the...
CVE-2021-24609
The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not sanitise or escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed...
Cross site scripting
The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not sanitise or escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed...
CVE-2021-24609
The CVE covers the WP Mapa Politico Espana WordPress plugin before 3.7.0, where certain settings are not sanitized/escaped before output in attributes, allowing authenticated high-privilege users to perform stored XSS. Mitigation: upgrade to version 3.7.0 or later.
WordPress plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
WP Mapa Politico Espana < 3.7.0 - Authenticated Stored Cross-Site Scripting
The plugin does not sanitise or escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. Put the following payload in any of the Maps Zona setting fields such as A Coruna:...
WP Mapa Politico Espana < 3.7.0 - Authenticated Stored Cross-Site Scripting
The plugin does not sanitise or escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. PoC: Put the following payload in any of the Maps Zona setting fields such as A Coruna:...
Biden to Appoint Cybersecurity Advisor to NSC – Report
President-elect Joe Biden has reportedly tapped the National Security Agency’s cybersecurity director to serve in a brand-new cyber-role on his National Security Council. Anne Neuberger, a more than 10-year veteran of the NSA and its cyber-chief since 2019, will become the country’s deputy nation...
politico.eu Improper Access Control vulnerability OBB-1269402
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
animalpolitico.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1154413. Security Researcher DkilerS2 (helped patch 112 vulnerabilities; received 4 Coordinated Disclosure badges; received 8 recommendations), a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting animalpolitico.com website...
politico.com Cross Site Scripting vulnerability
Security Researcher 4NCURZE (helped patch 1368 vulnerabilities; received 7 Coordinated Disclosure badges; received 12 recommendations), a holder of 7 badges for responsible and coordinated disclosure, found a security vulnerability affecting politico.com website and its users. Following coordinated...
login.politico.com XSS vulnerability
Open Bug Bounty ID: OBB-458192

Description | Value
---|---
Affected Website: | login.politico.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Chea...
White House Chief of Staff John Kelly's Cell Phone was Tapped
Politico reports that White House Chief of Staff John Kelly's cell phone was compromised back in December. I know this is news because of who he is, but I hope every major government official of any country assumes that their commercial off-the-shelf cell phone is compromised. Even allies spy on...