14 matches found
EUVD-2024-33257
Malicious code in bioql PyPI...
CVE-2025-32541 WordPress WooCommerce Sales MIS Report Plugin <= 4.0.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in infosoftplugin WooCommerce Sales MIS Report woocommerce-mis-report allows Reflected XSS. This issue affects WooCommerce Sales MIS Report: from n/a through <= 4.0.3...
CVE-2024-10711
The WooCommerce Report plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update arbitrary...
WordPress AlT Report plugin <= 1.12.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Le Ngoc Anh in WordPress Plugin AlT Report versions <= 1.12.0...
CVE-2023-32299
Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Sales Report ni-woocommerce-sales-report allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ni WooCommerce Sales Report: from n/a through <= 3.7.3...
MAL-2024-10809 Malicious code in seller-vuex-report-plugin (npm)
Source: ghsa-malware 0d1caf07f7bf71a4f82b9bc3d65c3a2cbd6a7f7762185704479a04da297485e5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-38683 WordPress WooCommerce Report plugin <= 1.4.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in iThemelandCo WooCommerce Report allows Reflected XSS. This issue affects WooCommerce Report: from n/a through 1.4.5...
CVE-2023-27627
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in eggemplo Woocommerce Email Report plugin <= 2.4 versions...
Stored XSS vulnerability in Locked Files Report Plugin
Jenkins Locked Files Report Plugin 1.6 and earlier does not escape locked files' names in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission...
CVE-2020-2271
CVE-2020-2271 affects Jenkins Locked Files Report Plugin (versions ≤ 1.6). The issue is a stored XSS where locked files’ names are not escaped in tooltips, exploitable by attackers with Job/Configure permission. Root cause: insufficient escaping in tooltip rendering. Impact is XSS within Jenkins ...
Atlassian FishEye Code Metrics Report Plugin XSS
The version of Atlassian FishEye running on the remote host has a cross-site scripting vulnerability. The Code Metrics Report Plugin does not properly sanitize user input. A remote attacker could exploit this by tricking a user into making a maliciously crafted request, resulting in the execution...