136 matches found
CVE-2025-14579
The Quiz Maker WordPress plugin before 6.7.0.89 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-2218
The LuckyWP Table of Contents WordPress plugin through 2.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-13031 WPeMatico RSS Feed Fetcher < 2.8.13 - Contributor+ Stored XSS
The WPeMatico RSS Feed Fetcher WordPress plugin before 2.8.13 does not sanitize and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...
EUVD-2021-11630
Malware in sbrugna...
EUVD-2022-34610
Malicious code in bioql PyPI...
EUVD-2025-15413
Malicious code in bioql PyPI...
EUVD-2022-42499
Malicious code in bioql PyPI...
EUVD-2022-24772
Malicious code in bioql PyPI...
EUVD-2024-54520
Malicious code in bioql PyPI...
EUVD-2022-42566
Malicious code in bioql PyPI...
EUVD-2022-34674
Malicious code in bioql PyPI...
EUVD-2024-54522
Malicious code in bioql PyPI...
EUVD-2022-24438
Malicious code in bioql PyPI...
EUVD-2025-15220
Malicious code in bioql PyPI...
EUVD-2022-34876
Malicious code in bioql PyPI...
CVE-2024-2696
The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-5447
The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowe...
CVE-2024-4384
The CSSable Countdown WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-5169
The Video Widget WordPress plugin through 1.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-6724
The Generate Images WordPress plugin before 5.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...