22 matches found

EUVD
added 2026/04/22 9:31 a.m. | 1 view

EUVD-2026-24704

The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'container_right_width' attribute of the 'simplerandomposts' shortcode in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping on user supplied...

CVSS 6.4 | AI score 5.9 | EPSS 0.00012
Exploits: 0 | References: 4

Cvelist
added 2026/04/22 7:45 a.m. | 29 views

CVE-2026-6246 Simple Random Posts Shortcode <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'container_right_width' Shortcode Attribute

The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'container_right_width' attribute of the 'simplerandomposts' shortcode in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping on user supplied...

CVSS 6.4 | EPSS 0.00012
Exploits: 0 | References: 3

Vulnrichment
added 2026/04/22 7:45 a.m. | 2 views

CVE-2026-6246 Simple Random Posts Shortcode <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'container_right_width' Shortcode Attribute

The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'container_right_width' attribute of the 'simplerandomposts' shortcode in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping on user supplied...

CVSS 6.4 | AI score 5.9 | EPSS 0.00012
Exploits: 0 | References: 3

ATTACKERKB
added 2026/04/22 7:45 a.m. | 1 view

CVE-2026-6246

The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'container_right_width' attribute of the 'simplerandomposts' shortcode in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping on user supplied...

CVSS 6.4 | AI score 5.9 | EPSS 0.00012
Exploits: 0 | References: 4

CNNVD
added 2026/04/22 12:0 a.m. | 4 views

WordPress plugin Simple Random Posts Shortcode cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 6.4 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-45896

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 8.6 | EPSS 0.00559
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-42901

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.6 | EPSS 0.04033
Exploits: 0 | References: 1

NVD
added 2025/03/15 10:15 p.m. | 7 views

CVE-2025-23744

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dvs11 Random Posts, Mp3 Player + ShareButton random-posts-mp3-player-sharebutton allows Reflected XSS. This issue affects Random Posts, Mp3 Player + ShareButton: from n/a through <= 1.4.1...

CVSS 7.1 | EPSS 0.00082
Exploits: 0 | References: 1

CNNVD
added 2025/03/15 12:0 a.m. | 1 view

WordPress plugin Random Posts, Mp3 Player + ShareButton cross-site scripting vulnerability

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPre...

CVSS 7.1 | AI score 6.2 | EPSS 0.00082
Exploits: 0 | References: 3

RedhatCVE
added 2025/02/05 12:8 p.m. | 4 views

CVE-2024-52409

Deserialization of Untrusted Data vulnerability in Phoenixheart AJAX Random Posts ajax-random-posts allows Object Injection. This issue affects AJAX Random Posts: from n/a through <= 0.3.3...

CVSS 9.8 | AI score 7.2 | EPSS 0.00559
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/04 11:36 p.m. | 4 views

CVE-2024-48029

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hung Trang Si SB Random Posts Widget sb-random-posts-widget allows PHP Local File Inclusion. This issue affects SB Random Posts Widget: from n/a through <= 1.0...

CVSS 7.5 | AI score 5.9 | EPSS 0.04033
Exploits: 0 | References: 1

Patchstack
added 2025/01/16 6:42 p.m. | 1 view

WordPress Random Posts, Mp3 Player + ShareButton plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO in WordPress Plugin Random Posts, Mp3 Player + ShareButton versions <= 1.4.1...

CVSS 7.1 | AI score 6.1 | EPSS 0.00082
Exploits: 0 | Affected Software: 1

NVD
added 2024/11/16 10:15 p.m. | 10 views

CVE-2024-52409

Deserialization of Untrusted Data vulnerability in Phoenixheart AJAX Random Posts ajax-random-posts allows Object Injection. This issue affects AJAX Random Posts: from n/a through <= 0.3.3...

CVSS 9.8 | EPSS 0.00559
Exploits: 0 | References: 1

Vulnrichment
added 2024/11/16 9:42 p.m. | 10 views

CVE-2024-52409 WordPress AJAX Random Posts plugin <= 0.3.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Phan An AJAX Random Posts allows Object Injection. This issue affects AJAX Random Posts: from n/a through 0.3.3...

CVSS 9.8 | AI score 9.5 | EPSS 0.00559
Exploits: 0 | References: 1

CVE
added 2024/11/16 9:42 p.m. | 47 views

CVE-2024-52409

CVE-2024-52409 refers to a Deserialization of Untrusted Data vulnerability in the WordPress plugin AJAX Random Posts (versions up to 0.3.3). The issue enables PHP Object Injection through untrusted data handling. Affected software is AJAX Random Posts; the known vulnerable range is

CVSS 9.8 | AI score 7.2 | EPSS 0.00559
Exploits: 0 | References: 1

Cvelist
added 2024/11/16 9:42 p.m. | 18 views

CVE-2024-52409 WordPress AJAX Random Posts plugin <= 0.3.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Phoenixheart AJAX Random Posts ajax-random-posts allows Object Injection. This issue affects AJAX Random Posts: from n/a through <= 0.3.3...

CVSS 9.8 | EPSS 0.00559
Exploits: 0 | References: 1

Patchstack
added 2024/11/13 9:16 a.m. | 1 view

WordPress AJAX Random Posts plugin <= 0.3.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin AJAX Random Posts versions <= 0.3.3...

CVSS 9.8 | AI score 7.3 | EPSS 0.00559
Exploits: 0 | Affected Software: 1

Patchstack
added 2024/11/13 12:0 a.m. | 15 views

WordPress AJAX Random Posts Plugin <= 0.3.3 is vulnerable to PHP Object Injection

Software: AJAX Random Posts; Type: Plugin; Vulnerable versions: <= 0.3.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-52409; Patch priority: High; CVSS severity: High (9.8); PSID: 88448bab09ca; Credits: Bonds; Required privilege: Unauthenticated...

CVSS 9.8 | AI score 7.2 | EPSS 0.00559
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2024/10/16 2:15 p.m. | 18 views

CVE-2024-48029

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hung Trang Si SB Random Posts Widget sb-random-posts-widget allows PHP Local File Inclusion. This issue affects SB Random Posts Widget: from n/a through <= 1.0...

CVSS 7.5 | EPSS 0.04033
Exploits: 0 | References: 1

CVE
added 2024/10/16 1:31 p.m. | 47 views

CVE-2024-48029

CVE-2024-48029 affects the WordPress SB Random Posts Widget. The vulnerability is an improper control of the filename for include/require statements in PHP (PHP Remote File Inclusion) that enables Local File Inclusion via the SB Random Posts Widget

CVSS 7.5 | AI score 5.9 | EPSS 0.04033
Exploits: 0 | References: 1