68 matches found
EUVD-2015-9198
Malware in sbrugna...
EUVD-2015-9215
Malware in sbrugna...
EUVD-2015-9206
Malware in sbrugna...
EUVD-2015-9145
Malware in sbrugna...
EUVD-2024-33235
Malicious code in bioql PyPI...
CVE-2015-9379
iThemes Builder Style Manager before 0.7.7 for WordPress has XSS via addqueryarg and removequeryarg...
CVE-2025-2635
CVE-2025-2635 is a reflected XSS in the Digital License Manager plugin for WordPress. Affected: all versions
CVE-2024-13705
The StageShow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of removequeryarg without appropriate escaping on the URL in all versions up to, and including, 9.8.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages th...
WordPress plugin StageShow 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin StageShow...
CVE-2024-11330 Custom CSS, JS & PHP <= 2.3.0 - Reflected Cross-Site Scripting
The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.3.0. This makes it possible for unauthenticated attackers to inject arbitrar...
CVE-2024-11360
The Page Parts plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.4.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
CVE-2024-10882 Product Delivery Date for WooCommerce - Lite <= 2.8.0 - Reflected Cross-Site Scripting
The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated...
CVE-2024-10850 Razorpay Payment Button for Elementor <= 1.2.5 - Reflected Cross-Site Scripting
The Razorpay Payment Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attacker...
CVE-2024-10647
The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.9.244. This makes it possible for unauthenticated...
CVE-2024-9211 FULL – Cliente <= 3.1.22 - Reflected Cross-Site Scripting
The FULL – Cliente plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 3.1.22. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-9211 FULL – Cliente <= 3.1.22 - Reflected Cross-Site Scripting
The FULL – Cliente plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 3.1.22. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-9211
The CVE CVE-2024-9211 affects the WordPress plugin FULL – Cliente (≤ 3.1.22). It is a Reflected Cross-Site Scripting vulnerability caused by using add_query_arg and remove_query_arg without proper escaping, enabling unauthenticated attackers to inject scripts when a user is tricked into clicking ...
CVE-2024-9207 BuddyPress Docs <= 2.2.3 - Reflected Cross-Site Scripting
The BuddyPress Docs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2024-9207 BuddyPress Docs <= 2.2.3 - Reflected Cross-Site Scripting
The BuddyPress Docs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2024-9353 Popularis Extra <= 1.2.6 - Reflected Cross-Site Scripting
The Popularis Extra plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to inject arbitrary web...