CVE-2025-11457

creationtimestamp| type| source ---|---|--- 2025-11-11 07:32:23+00:00| seen| https://infosec.exchange/users/offseq/statuses/115529897855835530 2025-11-11 07:32:24+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3m5dmn3isdz2p 2025-11-14 22:42:51+00:00| published-proof-of-concept|...

Malicious code in changing_wildcat_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03c64287c4545c406e67013f35aa59a7579ab6d15435325f4ff1513bb2f37d22 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-60943

The Magazine Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headerHtmlTag' attribute in the bnm-blocks/featured-posts-1 block in all versions up to, and including, 1.2.3. This is due to insufficient input sanitization and output escaping when using...

CVE-2025-12813

creationtimestamp| type| source ---|---|--- 2025-11-11 06:02:22+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3m5dhm3jiyq2s 2025-11-11 06:29:53+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m5dj5czirj2q 2025-11-11 08:35:49+00:00| seen|...

CVE-2025-11828

The Magazine Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headerHtmlTag' attribute in the bnm-blocks/featured-posts-1 block in all versions up to, and including, 1.2.3. This is due to insufficient input sanitization and output escaping when using...

CVE-2025-11828 Magazine Companion <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Magazine Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headerHtmlTag' attribute in the bnm-blocks/featured-posts-1 block in all versions up to, and including, 1.2.3. This is due to insufficient input sanitization and output escaping when using...

CVE-2025-11828

The Magazine Companion WordPress plugin (bnm-blocks/featured-posts-1 headerHtmlTag) is vulnerable to Stored XSS in all versions up to and including 1.2.3 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher, enabling...

CVE-2025-42890

creationtimestamp| type| source ---|---|--- 2025-11-11 01:32:05+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3m5cyirztho27 2025-11-11 02:12:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m5d2rbdroo2q 2025-11-11 03:31:58+00:00| seen|...

CVE-2018-25124

creationtimestamp| type| source ---|---|--- 2025-11-11 01:30:37+00:00| seen| https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m5cyftmsabr2 2025-11-11 01:47:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m5czeiianj2q 2025-11-11 03:30:15+00:00| seen|...

MAL-2025-65116 Malicious code in rina-gembus91-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ae5881c8952cda1a35de026b2a1db7a03c8a40b9fe80a65a0cf0ad687ca0aeb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

WordPress plugin My Geo Posts Free 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2025-46258

Name of the Vulnerable Software and Affected Versions My Geo Posts Free plugin for WordPress versions prior to 1.3 Description The My Geo Posts Free plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'mygeo city' shortcode. This occurs because the plugin does not...

PT-2025-46253

Name of the Vulnerable Software and Affected Versions The Magazine Companion plugin for WordPress versions through 1.2.3 Description The Magazine Companion plugin for WordPress is susceptible to Stored Cross-Site Scripting through the headerHtmlTag attribute within the bnm-blocks/featured-posts-1...

WordPress My Geo Posts Free plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin My Geo Posts Free versions = 1.2...

CVE-2025-63147

creationtimestamp| type| source ---|---|--- 2025-11-10 18:32:22+00:00| seen| https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m5caxicuohp2 2025-11-10 19:54:02+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m5cfmcllcm2s...

CVE-2025-63456

creationtimestamp| type| source ---|---|--- 2025-11-10 18:31:35+00:00| seen| https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m5cawxximmp2 2025-11-10 19:35:40+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m5celhwpu32u...

CVE-2025-63455

creationtimestamp| type| source ---|---|--- 2025-11-10 18:31:34+00:00| seen| https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m5cawr7zbdp2 2025-11-10 19:48:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m5cfc2bwrb2x...

CVE-2025-64456

creationtimestamp| type| source ---|---|--- 2025-11-10 15:56:26+00:00| seen| https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m5byc7p5hep2 2025-11-10 16:21:51+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m5bzqvgyzt2x 2025-11-10 17:10:54+00:00| seen|...

CVE-2025-64683

creationtimestamp| type| source ---|---|--- 2025-11-10 15:55:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m5bybopvgc2s 2025-11-10 15:58:34+00:00| seen| https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m5bydiou3rc2...

CVE-2025-41731

creationtimestamp| type| source ---|---|--- 2025-11-10 09:01:50+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3m5bb62m7a724 2025-11-10 09:38:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m5bd7o2lze2n 2025-11-10 09:45:59+00:00| seen|...