493 matches found
CVE-2026-1893
The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnlabel' parameter in the 'orbisiusrandomnamegenerator' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it...
CVE-2026-1893
The CVE affects Orbisius Random Name Generator for WordPress. Description: Stored Cross-Site Scripting via the btn_label shortcode attribute in orbisius_random_name_generator, affect versions up to 1.0.2. Root cause: insufficient input sanitization and output escaping. Impact: authenticated attac...
CVE-2026-1893
The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnlabel' parameter in the 'orbisiusrandomnamegenerator' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it...
CVE-2026-1893 Orbisius Random Name Generator <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btn_label' Shortcode Attribute
The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnlabel' parameter in the 'orbisiusrandomnamegenerator' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it...
CVE-2026-1893 Orbisius Random Name Generator <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btn_label' Shortcode Attribute
The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnlabel' parameter in the 'orbisiusrandomnamegenerator' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it...
WordPress plugin Orbisius Random Name Generator 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Malicious code in neuromorphic-cybernetics-cosmogenic-neutronstar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 160b9ee422b1614bc10ab76b17cfd59829dd820e115922f452f8253b0f2750f1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186823 Malicious code in error-alpha-sanitize-sanitize-daemon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c05a938b12a3f015427b82e19d6772e1ff1d896c7088a090df2f14ff244015e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in easy-emulate-try-psi-balance (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b725c2958c571c434e5ee27ebe65d6524758ba7da779226c50ea40f71bbbdba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in config-pipe-promise-start (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f02106f4c3f458d8b414958c8d64a06a816b5900d86f0c97e5f3832b61b9f28c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in blaze-transport-eridanus-singularitarianism (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 132336594566f83353e8d26153b7eaa947954f4e3280dca688c1d21777f60534 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in archaeometry-accretion-avior-panspermia (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75cacb75c83f3d611e28110f6eecd72ad718397db46669eab7ed2b3d26a8e33c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in earth-protected-gamma-test-star (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 607017a42bce9e56670763a33b409d170584375240403b448fd7b4741454f5f1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187961 Malicious code in mechatronics-deneb-bunyan-radiant (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d599caec2bfcecde9b1d411603b07dd551398020115dfb5d3378fb712c2a9951 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189186 Malicious code in repository-heka-nestjs-mesosphere (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 280a9a067b4d3a3569af0705929db53acb6d1cabc8a723c0f0e6fbe9a4024fb4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186635 Malicious code in double-rain-protected-import-monitor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8581e04e65ec57750c45a77518bc0bde32027cce7cec3092673048972abc390a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187306 Malicious code in heka-mdx-kaus-indus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 272c8eefdcedd52dab7dc0dd7eef12e6f770658cedcd0d14ba9ec787e9ad9cb3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...