EUVD-2026-37041

The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldrttl' parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2026-10093

The CVE-2026-10093 describes a Stored Cross-Site Scripting vulnerability in the WordPress plugin File Sharing & Download Manager – User Private Files . Affected versions are all up to and including 2.1.6 . The issue stems from insufficient input sanitization and output escaping in the fldr_ttl pa...

CVE-2023-4636

The WordPress File Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVE-2024-2159

The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...

EUVD-2020-26772

Malware in sbrugna...

EUVD-2021-11658

Malware in sbrugna...

EUVD-2023-28069

Malicious code in bioql PyPI...

EUVD-2022-51795

Malicious code in bioql PyPI...

EUVD-2024-31820

Malicious code in bioql PyPI...

CVE-2025-7500

The Ocean Social Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via social icon titles in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

WordPress plugin Social Sharing Plugin 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2023-24005

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Winwar Media Inline Tweet Sharer – Twitter Sharing Plugin plugin = 2.5.3 versions...

CVE-2021-24736

The Easy Download Manager and File Sharing Plugin with frontend file upload – a better Media Library — Shared Files WordPress plugin before 1.6.57 does not sanitise and escape some of its settings before outputting them in attributes, which could lead to Stored Cross-Site Scripting issues...

CVE-2020-5611

Cross-site request forgery CSRF vulnerability in Social Sharing Plugin versions prior to 1.2.10 allows remote attackers to hijack the authentication of administrators via unspecified vectors...

CVE-2024-11252

CVE-2024-11252 concerns the Social Sharing Plugin – Sassy Social Share for WordPress. The Red Hat and NVD entries describe a Reflected Cross-Site Scripting vulnerability in the heateor_mastodon_share parameter, affecting all versions up to and including 3.3.69. The issue stems from insufficient i...

WordPress Social Sharing (by Danny) plugin <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Social Sharing by Danny versions = 1.3.7...

CVE-2024-4924

The Social Sharing Plugin WordPress plugin before 3.3.63 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-4924

The Social Sharing Plugin WordPress plugin before 3.3.63 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-4924 Sassy social share < 3.3.63 Admin+ Stored Cross-Site scripting

The Social Sharing Plugin WordPress plugin before 3.3.63 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress plugin Social Sharing security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...