15 matches found

OSSF Malicious Packages
added 2025/07/10 10:24 p.m. · 2 views

Malicious code in sandbox-plugin (npm)

Source: ghsa-malware (59c5f2d0637a754e0e34c42c8102f8273c2274724e47bfb3076b1f9761eb217e). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 1
OSV
added 2025/07/10 10:24 p.m. · 1 view

MAL-2025-5794 Malicious code in sandbox-plugin (npm)

Source: ghsa-malware (59c5f2d0637a754e0e34c42c8102f8273c2274724e47bfb3076b1f9761eb217e). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 7:34 a.m. · 3 views

CVE-2024-13367

The Sandbox plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the export_download action in all versions up to, and including, 0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download an entire copy of...

6.5 CVSS · 6.1 AI score · 0.00622 EPSS
Exploits 0 · References 1
NVD
added 2025/01/17 7:15 a.m. · 8 views

CVE-2024-13367

The Sandbox plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the export_download action in all versions up to, and including, 0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download an entire copy of...

6.5 CVSS · 0.00622 EPSS
Exploits 0 · References 2
NVD
added 2025/01/17 7:15 a.m. · 8 views

CVE-2024-13366

The Sandbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'debug' parameter in all versions up to, and including, 0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1 CVSS · 0.0148 EPSS
Exploits 0 · References 2
CVE
added 2025/01/17 7:1 a.m. · 41 views

CVE-2024-13366

CVE-2024-13366 concerns the Sandbox plugin for WordPress, which is vulnerable to Reflected Cross-Site Scripting via the debug parameter in all versions up to 0.4 due to insufficient input sanitization and output escaping. The CVE description states this allows unauthenticated attackers to inject ...

6.1 CVSS · 6 AI score · 0.0148 EPSS
Exploits 0 · References 2
Cvelist
added 2025/01/17 7:1 a.m. · 11 views

CVE-2024-13366 Sandbox <= 0.4 - Reflected Cross-Site Scripting

The Sandbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'debug' parameter in all versions up to, and including, 0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1 CVSS · 0.0148 EPSS
Exploits 0 · References 2
CVE
added 2025/01/17 7:1 a.m. · 36 views

CVE-2024-13367

CVE-2024-13367 affects the Sandbox WordPress plugin. The root cause is a missing capability check on the export_download action in all versions up to and including 0.4, enabling authenticated users with Subscriber-level access or higher to download an entire sandbox environment (potentially conta...

6.5 CVSS · 6.3 AI score · 0.00622 EPSS
Exploits 0 · References 2
Vulnrichment
added 2025/01/17 7:1 a.m. · 4 views

CVE-2024-13366 Sandbox <= 0.4 - Reflected Cross-Site Scripting

The Sandbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'debug' parameter in all versions up to, and including, 0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1 CVSS · 6 AI score · 0.0148 EPSS
Exploits 0 · References 2
Vulnrichment
added 2025/01/17 7:1 a.m. · 4 views

CVE-2024-13367 Sandbox <= 0.4 - Missing Authorization to Authenticated (Subscriber+) Sandbox Download

The Sandbox plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the export_download action in all versions up to, and including, 0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download an entire copy of...

6.5 CVSS · 6.1 AI score · 0.00622 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/01/17 12:0 a.m. · 2 views

PT-2025-2135 · WordPress · Sandbox

Name of the Vulnerable Software and Affected Versions: The Sandbox plugin for WordPress versions up to, and including, 0.4 Description: The issue arises from a missing capability check on the export download action, allowing authenticated attackers with Subscriber-level access and above to downlo...

6.5 CVSS · 9.2 AI score · 0.00622 EPSS
Exploits 0 · References 6
Positive Technologies
added 2025/01/17 12:0 a.m. · 2 views

PT-2025-2134 · WordPress · Sandbox

Name of the Vulnerable Software and Affected Versions: Sandbox plugin for WordPress versions up to and including 0.4 Description: The issue is related to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts in pages through the...

6.1 CVSS · 9.3 AI score · 0.0148 EPSS
Exploits 0 · References 6
CNNVD
added 2025/01/17 12:0 a.m. · 1 view

WordPress plugin Sandbox cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...

6.1 CVSS · 7.5 AI score · 0.0148 EPSS
Exploits 0 · References 3
CNNVD
added 2025/01/17 12:0 a.m. · 1 view

WordPress plugin Sandbox security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

6.5 CVSS · 8 AI score · 0.00622 EPSS
Exploits 0 · References 3
Patchstack
added 2025/01/16 7:47 p.m. · 2 views

WordPress Sandbox plugin <= 0.4 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Stiofan in WordPress Theme Sandbox versions <= 0.4...

6.1 CVSS · 6.3 AI score · 0.0148 EPSS
Exploits 0 · References 1 · Affected Software 1