493 matches found
CVE-2026-1893
The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnlabel' parameter in the 'orbisiusrandomnamegenerator' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it...
CVE-2026-1893 Orbisius Random Name Generator <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btn_label' Shortcode Attribute
The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnlabel' parameter in the 'orbisiusrandomnamegenerator' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it...
CVE-2026-1893 Orbisius Random Name Generator <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btn_label' Shortcode Attribute
The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnlabel' parameter in the 'orbisiusrandomnamegenerator' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it...
CVE-2026-1893
The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnlabel' parameter in the 'orbisiusrandomnamegenerator' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it...
CVE-2026-1893
The CVE affects Orbisius Random Name Generator for WordPress. Description: Stored Cross-Site Scripting via the btn_label shortcode attribute in orbisius_random_name_generator, affect versions up to 1.0.2. Root cause: insufficient input sanitization and output escaping. Impact: authenticated attac...
WordPress plugin Orbisius Random Name Generator 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Malicious code in neuromorphic-cybernetics-cosmogenic-neutronstar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 160b9ee422b1614bc10ab76b17cfd59829dd820e115922f452f8253b0f2750f1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186635 Malicious code in double-rain-protected-import-monitor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8581e04e65ec57750c45a77518bc0bde32027cce7cec3092673048972abc390a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186137 Malicious code in chi-mu-socket-cold-small (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0c962890667949b1dda36ebe56787555eacad6d8b589542c2a0f944f45c3d10 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186332 Malicious code in cosmiconfig-xml-rehype-webpack (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c337d51a5afe782ff83bde8f55685686a71e8d4b23d52af00c64f247b76db8e7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in earth-protected-gamma-test-star (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 607017a42bce9e56670763a33b409d170584375240403b448fd7b4741454f5f1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in easy-emulate-try-psi-balance (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b725c2958c571c434e5ee27ebe65d6524758ba7da779226c50ea40f71bbbdba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186826 Malicious code in error-fast-class-visualize-new (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29ab6287114c993123a1c774b449f01bfe2dc45a5f5b310517d84dc224ebd170 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-190315 Malicious code in wezen-paleoanthropology-betelgeuse-asthenosphere (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96cd5dd57c26dcfb171d2cac13929816f5c301752a421417e4591099fc8d6eb3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187306 Malicious code in heka-mdx-kaus-indus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 272c8eefdcedd52dab7dc0dd7eef12e6f770658cedcd0d14ba9ec787e9ad9cb3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186823 Malicious code in error-alpha-sanitize-sanitize-daemon (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c05a938b12a3f015427b82e19d6772e1ff1d896c7088a090df2f14ff244015e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187541 Malicious code in iota-levels-foundation-solis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 00c2b0af1eef0fba29bf292945385ea48af585baa02b34ea53e9ae76e24eca73 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...