9 matches found
EUVD-2022-52081
Malicious code in bioql PyPI...
EUVD-2023-12432
Malicious code in bioql PyPI...
EUVD-2022-51832
Malicious code in bioql PyPI...
EUVD-2022-52003
Malicious code in bioql PyPI...
CVE-2023-0075
The Amazon JS WordPress plugin through 0.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-11841 Tithe.ly Giving Button <= 1.1 - Contributor+ Stored XSS via Shortcode
The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2022-4829 Show-Hide / Collapse-Expand < 1.3.0 - Contributor+ Stored XSS via Shortcode
The Show-Hide / Collapse-Expand WordPress plugin before 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against...
Rich Table of Contents < 1.3.9 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC Note: The shortcode generates the conten...
3D FlipBook < 1.13.3 - Contributor+ Stored XSS
The plugin does not validate or escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks against high privilege users like administrators. PoC 1. As an administrator,...