14 matches found
EUVD-2026-32103
The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
WordPress plugin EnvíaloSimple: Email Marketing y Newsletters SQL injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2023-29388
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in impleCode Product Catalog Simple plugin <= 1.6.17 versions...
EUVD-2023-39126
Malicious code in bioql PyPI...
CVE-2023-35092
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abhay Yadav Breadcrumb simple plugin <= 1.3 versions...
CVE-2025-1405
The Product Catalog Simple plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's showproducts shortcode in all versions up to, and including, 1.7.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2022-46803 WordPress Simple Newsletter Plugin – Noptin plugin <= 1.9.5 - Unauth. CSV Injection vulnerability
A vulnerability in Noptin Newsletter Team Noptin newsletter-optin-box. This issue affects Noptin: from n/a through <= 1.9.5...
WordPress Google Maps made Simple Plugin <= 0.6 is vulnerable to SQL Injection
Software: Google Maps made Simple; Type: Plugin; Vulnerable versions: <= 0.6; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-5315; Patch priority: High; CVSS severity: High (8.5); PSID: 9139046f56f6; Credits: István Márton; Required privilege: Subscriber...
Cross site scripting
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in impleCode Product Catalog Simple plugin <= 1.6.17 versions...
CVE-2023-29388
CVE-2023-29388 affects WordPress plugin Product Catalog Simple (post-type-x) version
CVE-2022-30965
Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-30965
Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier is affected by a stored XSS vulnerability due to not escaping the name and description of Promotion Level parameters on views that display parameters. Exploitation requires Item/Configure permission. The issue is documented across multiple s...
CVE-2022-25202
Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name of custom promotion levels, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission...
WordPress Product Catalog Simple plugin <= 1.5.12 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by Jerome Bruandet (NinTechNet) in WordPress Product Catalog Simple plugin versions <= 1.5.12. Solution: Update the WordPress Product Catalog Simple plugin to the latest available version (at least 1.5.13)...