15 matches found
CVE-2025-13625 WP-SOS-Donate Donation Sidebar Plugin <= 0.9.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The WP-SOS-Donate Donation Sidebar Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] parameter in all versions up to, and including, 0.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...
CVE-2025-13625
CVE-2025-13625 pertains to the WP-SOS-Donate Donation Sidebar Plugin for WordPress. Wordfence details a Reflected Cross-Site Scripting flaw that affects all versions up to and including 0.9.2, caused by insufficient input sanitization and output escaping of the $_SERVER['PHP_SELF'] parameter. The...
EUVD-2021-21316
Malware in sbrugna...
EUVD-2020-17728
Malware in sbrugna...
EUVD-2017-14580
Malware in sbrugna...
EUVD-2007-6173
Malware in sbrugna...
WordPress Responsive Sidebar plugin <= 1.2.2 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin Responsive Sidebar versions <= 1.2.2...
CVE-2025-23535 WordPress REAL WordPress Sidebar plugin <= 0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in clickandsell REAL WordPress Sidebar allows Stored XSS. This issue affects REAL WordPress Sidebar: from n/a through 0.1...
CVE-2025-23912 WordPress WordPress Custom Sidebar Plugin <= 2.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Philipp Speck WordPress Custom Sidebar wordpress-custom-sidebar allows Blind SQL Injection. This issue affects WordPress Custom Sidebar: from n/a through <= 2.3...
CVE-2022-1717
The Custom Share Buttons with Floating Sidebar WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed...
CVE-2021-34666 Add Sidebar <= 2.0.0 Reflected Cross-Site Scripting
The Add Sidebar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the add parameter in the /wpsidebarMenu.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.0...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. WordPress Add Sidebar plugin has a security...
WordPress Add Sidebar plugin <= 2.0.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Add Sidebar plugin versions <= 2.0.0. Solution: This plugin has been closed as of August 12, 2021 and is not available for download. This closure is temporary, pending a full review...
Cross-site request forgery (CSRF)
Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin...
CVE-2007-6205
CVE-2007-6205 is a cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) of S9Y Serendipity prior to 1.2.1. An attacker can inject arbitrary script/HTML via a link in an RSS feed. Public advisories (Debian DSA-1528-1, related OpenVAS/NVL) documen...