47 matches found
CVE-2026-5341
The NMR Strava activities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stravanmrconnect shortcode in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
EUVD-2026-28541
The NMR Strava activities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stravanmrconnect shortcode in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-5341
The NMR Strava activities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stravanmrconnect shortcode in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-5341 NMR Strava activities <= 1.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The NMR Strava activities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stravanmrconnect shortcode in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-5341
The NMR Strava activities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stravanmrconnect shortcode in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-5341 NMR Strava activities <= 1.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The NMR Strava activities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stravanmrconnect shortcode in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-5341
The NMR Strava activities plugin for WordPress is affected by CVE-2026-5341, with a Stored Cross-Site Scripting flaw in the strava_nmr_connect shortcode across all versions up to 1.0.14. The root cause is insufficient input sanitization and output escaping on user-supplied attributes, enabling an...
WordPress plugin NMR Strava activities 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-38903
Name of the Vulnerable Software and Affected Versions NMR Strava activities plugin for WordPress versions prior to 1.0.15 Description Insufficient input sanitization and output escaping on user supplied attributes in the strava nmr connect shortcode allow authenticated attackers with...
WordPress NMR Strava activities plugin <= 1.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin NMR Strava activities versions = 1.0.14...
EUVD-2024-45438
Malicious code in bioql PyPI...
EUVD-2024-32880
Malicious code in bioql PyPI...
MAL-2025-5920 Malicious code in grafana-strava-datasource (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c38acd1154b6064c05313534795a57d0d6e586cc8ebd1a6a353b4ccaa3b27465 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in grafana-strava-datasource (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c38acd1154b6064c05313534795a57d0d6e586cc8ebd1a6a353b4ccaa3b27465 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-10038
The WP-Strava plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2024-51603
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mirceatm NMR Strava activities nmr-strava-activities allows DOM-Based XSS.This issue affects NMR Strava activities: from n/a through = 1.0.7...
CVE-2024-10038
The WP-Strava plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2024-10038
CVE-2024-10038 — WP-Strava (WordPress) is an authenticated stored XSS vulnerability in the WP-Strava plugin up to version 2.12.1. The root cause is “insufficient input sanitization and output escaping” in admin settings, allowing an attacker with administrator-level permissions to inject scripts ...
WordPress plugin WP-Strava 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security...
PT-2024-15989 · WordPress · Wp-Strava
Name of the Vulnerable Software and Affected Versions: WP-Strava plugin for WordPress versions up to, and including, 2.12.1 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated...