14 matches found
EUVD-2025-9241
Malicious code in bioql PyPI...
CVE-2021-24503
The Popular Brand Icons – Simple Icons WordPress plugin before 2.7.8 does not sanitise or validate some of its shortcode parameters, such as "color", "size" or "class", allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still hav...
CVE-2025-31786
Missing Authorization vulnerability in Travis Simple Icons simple-icons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Icons: from n/a through = 2.8.4...
CVE-2025-31786
Missing Authorization vulnerability in Travis Simple Icons simple-icons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Icons: from n/a through = 2.8.4...
CVE-2025-31786 WordPress Simple Icons plugin <= 2.8.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Travis Simple Icons simple-icons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Icons: from n/a through = 2.8.4...
CVE-2025-31786 WordPress Simple Icons plugin <= 2.8.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Travis Simple Icons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Icons: from n/a through 2.8.4...
CVE-2025-31786
CVE-2025-31786 describes a Missing Authorization vulnerability in the Simple Icons plugin (WordPress), affecting versions up to 2.8.4. The entry notes a CVSS v3.1 base score of 5.3 (medium) and indicates exploitation would involve access control misconfigurations, but there are no public details ...
PT-2025-14172 · Unknown · Travis Simple Icons
Name of the Vulnerable Software and Affected Versions: Travis Simple Icons versions through 2.8.4 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions through 2.8.4,...
WordPress plugin Simple Icons 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Cross site scripting
The Popular Brand Icons – Simple Icons WordPress plugin before 2.7.8 does not sanitise or validate some of its shortcode parameters, such as "color", "size" or "class", allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still...
CVE-2021-24503 Popular Brand SVG Icons - Simple Icons < 2.7.8 - Contributor+ Stored XSS
The Popular Brand Icons – Simple Icons WordPress plugin before 2.7.8 does not sanitise or validate some of its shortcode parameters, such as "color", "size" or "class", allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still hav...
CVE-2021-24503
The CVE concerns the WordPress plugin Popular Brand Icons – Simple Icons, prior to version 2.7.8. It fails to sanitize/validate shortcode parameters (e.g., color, size, class), enabling Cross-Site Scripting via these inputs. A contributor can trigger XSS with admin approval, while editors may exp...
WordPress 插件 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on servers running PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in the WordPress plug...
Popular Brand SVG Icons - Simple Icons < 2.7.8 - Contributor+ Stored XSS
The plugin does not sanitise or validate some of its shortcode parameters, such as "color", "size" or "class", allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS triggered in...