CVE-2026-11402 Services Section Block <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link' Block Attribute

The Services Section Block – Showcase Service Details in Grid or Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'link' Block Attribute in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for...

EUVD-2026-37849

The Services Section Block – Showcase Service Details in Grid or Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'link' Block Attribute in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2026-11402

The CVE-2026-11402 entry concerns the WordPress plugin “Services Section Block – Showcase Service Details in Grid or Columns.” Affected component is the ‘link’ Block Attribute, with stored XSS in all versions up to 1.4.4 due to insufficient input sanitization and output escaping. The vulnerabilit...

WordPress Services Section Block – Showcase Service Details in Grid or Columns plugin <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Philipp Doblhofer - codeaware GmbH in WordPress Plugin Services Section block versions = 1.4.4...

EUVD-2025-5405

Malicious code in bioql PyPI...

CVE-2025-26947

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Services Section block services-section allows Stored XSS.This issue affects Services Section block: from n/a through = 1.3.4...

CVE-2025-26947

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Services Section block services-section allows Stored XSS.This issue affects Services Section block: from n/a through = 1.3.4...

CVE-2025-26947 WordPress Services Section block plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Services Section block services-section allows Stored XSS.This issue affects Services Section block: from n/a through = 1.3.4...

CVE-2025-26947 WordPress Services Section block plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Services Section block services-section allows Stored XSS.This issue affects Services Section block: from n/a through = 1.3.4...

CVE-2025-26947

CVE-2025-26947 is a Stored XSS in the Services Section block (WordPress plugin) caused by improper input neutralization during web page generation. Affected: Services Section block

WordPress plugin Services Section block 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...

PT-2025-7861 · Bplugins · Bplugins Services Section Block

Name of the Vulnerable Software and Affected Versions: bPlugins Services Section block versions 1.3.4 and earlier Description: The issue is related to improper neutralization of input during web page generation, which leads to a Stored XSS vulnerability in the Services Section block. This allows...

WordPress Services Section block plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Logan Cote Patchstack Alliance in WordPress Plugin Services Section block versions = 1.3.4...

CVE-2024-50352 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/overview/services.inc.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Services" section of the Device Overview page allows authenticated users to inject arbitrary JavaScript through the "name" parameter when adding a service to a devic...

LibreNMS 跨站脚本漏洞

LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of network environments, and automatic updates. LibreNMS suffers from a cross-site scripting vulnerability that originates from a stored...

PT-2024-34161 · Librenms · Librenms

Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.10.0 Description: A Stored Cross-Site Scripting XSS vulnerability in the "Services" section of the Device Overview page allows authenticated users to inject arbitrary JavaScript through the name parameter when...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 tipo or 2 destino parameter to loginregistrese.php3 in the Services section, 3 the rubro parameter to precios.php3 in the Products section, 4...