933 matches found
WordPress JetWidgets For Elementor plugin <= 1.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison and Subscribe Widgets vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Image Comparison and Subscribe Widgets vulnerability discovered by zer0gh0st in WordPress Plugin JetWidgets For Elementor versions = 1.0.20...
CVE-2025-8195
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Comparison and Subscribe widgets in all versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
EUVD-2025-203247
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Comparison and Subscribe widgets in all versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-8195 JetWidgets For Elementor <= 1.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison and Subscribe Widgets
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Comparison and Subscribe widgets in all versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-8195
CVE-2025-8195 affects the WordPress plugin JetWidgets For Elementor. It is a stored cross-site scripting (XSS) vulnerability in the Image Comparison and Subscribe widgets, exploitable in all versions up to 1.0.20. The root cause is insufficient input sanitization and output escaping on user-suppl...
CVE-2025-8195 JetWidgets For Elementor <= 1.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison and Subscribe Widgets
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Comparison and Subscribe widgets in all versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
WordPress plugin JetWidgets For Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site...
PT-2025-51105
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Comparison and Subscribe widgets in all versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
EUVD-2025-200218
Mattermost versions 10.11.x = 10.11.4, 10.5.x = 10.5.12 fail to validate the user permission when accessing the files and subscribing to the block in Boards, which allows an authenticated user to access other board files and was able to subscribe to the block from other boards that the user does...
WordPress Plugin YouTube Subscribe Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. The WordPress plugin YouTube Subscribe suffers from a cross-site scripting vulnerability that...
CVE-2025-12025
The YouTube Subscribe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissio...
CVE-2025-12025
The YouTube Subscribe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissio...
CVE-2025-12025
CVE-2025-12025 affects the WordPress YouTube Subscribe plugin (versions
CVE-2025-12025 YouTube Subscribe <= 3.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Title and Channel ID
The YouTube Subscribe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissio...
CVE-2025-12025 YouTube Subscribe <= 3.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Title and Channel ID
The YouTube Subscribe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissio...
EUVD-2025-199573
The YouTube Subscribe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissio...
WordPress YouTube Subscribe plugin <= 3.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Title and Channel ID vulnerability
Authenticated Admin+ Stored Cross-Site Scripting via Title and Channel ID vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin YouTube Subscribe versions = 3.0.0...
WordPress plugin YouTube Subscribe 跨站脚本漏洞
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. The WordPress plugin YouTube Subscribe suffers from a cross-site scripting vulnerability that...
EUVD-2025-198817
Malicious code in scgs-capacitor-subscribe npm...
Malicious code in scgs-capacitor-subscribe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3fb81fa33f5db11bebf15b6af6f18a63ca129349c0d7bcaf729dc27f69d63f2 The package scgs-capacitor-subscribe was found to contain malicious code. Source: ghsa-malware...