9 matches found
CVE-2026-5341
The NMR Strava activities plugin for WordPress is affected by CVE-2026-5341, with a Stored Cross-Site Scripting flaw in the strava_nmr_connect shortcode across all versions up to 1.0.14. The root cause is insufficient input sanitization and output escaping on user-supplied attributes, enabling an...
CVE-2026-5341
The NMR Strava activities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's strava_nmr_connect shortcode in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2026-38903
Name of the Vulnerable Software and Affected Versions: NMR Strava activities plugin for WordPress versions prior to 1.0.15. Description: Insufficient input sanitization and output escaping on user supplied attributes in the strava_nmr_connect shortcode allow authenticated attackers with...
EUVD-2024-32880
Malicious code in bioql PyPI...
CVE-2024-10038
The WP-Strava plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2024-10038
The WP-Strava plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2024-10038
CVE-2024-10038 — WP-Strava (WordPress) is an authenticated stored XSS vulnerability in the WP-Strava plugin up to version 2.12.1. The root cause is “insufficient input sanitization and output escaping” in admin settings, allowing an attacker with administrator-level permissions to inject scripts ...
WordPress WP-Strava plugin <= 2.12.1 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by paupu in WordPress Plugin WP-Strava versions <= 2.12.1...
WordPress WP-Strava Plugin <= 2.12.1 is vulnerable to Cross Site Scripting (XSS)
Software: WP-Strava; Type: Plugin; Vulnerable versions: <= 2.12.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10038; Patch priority: Low; CVSS severity: Low 5.9; PSID: dd6efa54c071; Credits: paupu; Required privilege...