CVE-2026-34094 Customized help link for page protection indicator is relative to subpage name, because the link target is missing the "/wiki/" prefix

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...

EUVD-2026-1477

NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the click event listener used by ui.subpages, combined with attacker-controlled link rendering on the page, causes XSS when the user actively clicks on the link. This issue has been patched in versi...

EUVD-2025-26177

Malicious code in bioql PyPI...

WordPress List Subpages plugin cross-site scripting vulnerability

ordPress List Subpages plugin is a plugin used to display the current page page , support for generating sub-page lists and short codes , can be dynamically generated to contain the parameters of the short code . WordPress List Subpages plugin has a cross-site scripting vulnerability that stems...

CVE-2025-8290

The List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access a...

CVE-2025-8290 List Subpages <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Parameter

The List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access a...

CVE-2025-8290

CVE-2025-8290 affects the WordPress plugin List Sub Pages (List Subpages) up to version 1.0.6. The vulnerability is a Stored Cross-Site Scripting flaw in the title parameter caused by insufficient input sanitization and output escaping, allowing authenticated attackers with at least Contributor-l...

WordPress plugin List Subpages 跨站脚本漏洞

ordPress List Subpages plugin is a plugin used to display the current page page , support for generating sub-page lists and short codes , can be dynamically generated to contain the parameters of the short code . WordPress List Subpages plugin has a cross-site scripting vulnerability that stems...

PT-2025-35188

Name of the Vulnerable Software and Affected Versions: The List Subpages plugin for WordPress versions up to and including 1.0.6 Description: The List Subpages plugin for WordPress is susceptible to Stored Cross-Site Scripting through the title parameter. Insufficient input sanitization and outpu...

Attack Smarter: Attention-Driven Fine-Grained Webpage Fingerprinting Attacks

Website Fingerprinting WF attacks aim to infer which websites a user is visiting by analyzing traffic patterns, thereby compromising user anonymity. Although this technique has been demonstrated to be effective in controlled experimental environments, it remains largely limited to small-scale...

CVE-2025-4220

The Xavin's List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xls' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-4220

The Xavins List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xls' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-4220 Xavin's List Subpages <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Xavins List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xls' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-4220 Xavin's List Subpages <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Xavins List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xls' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-4220

CVE-2025-4220 affects the WordPress plugin Xavin’s List Subpages. The issue is a Stored Cross-Site Scripting via the plugin’s 'xls' shortcode caused by insufficient input sanitization and output escaping of user-supplied attributes. Attack requires authenticated access at contributor level or hig...

PT-2025-19922 · WordPress · Xavin'S List Subpages

Name of the Vulnerable Software and Affected Versions: Xavin's List Subpages plugin for WordPress versions up to and including 1.3 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the 'xls' shortcode. This allows authenticated...

WordPress Xavin's List Subpages plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang in WordPress Plugin Xavin's List Subpages versions = 1.3...

WordPress plugin Xavins List Subpages 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

DEBIAN-CVE-2024-34506

An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the...

UBUNTU-CVE-2024-34506

An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the...