34 matches found
CVE-2026-6202
The vulnerability CVE-2026-6202 affects code-projects Easy Blog Site 1.0. It targets the file post.php, where manipulation of the tags argument leads to a SQL injection via an unknown function. The attack can be initiated remotely, and the exploit has been released publicly. No remediation detail...
CVE-2025-14541
The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.22 via the conditional_tags parameter. This is due to the plugin using PHP's eval function on user-controlled input without proper validation or sanitization. This makes i...
CVE-2025-14541 Lucky Wheel Giveaway <= 1.0.22 - Authenticated (Administrator+) Remote Code Execution via 'conditional_tags' Parameter
The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.22 via the conditional_tags parameter. This is due to the plugin using PHP's eval function on user-controlled input without proper validation or sanitization. This makes i...
CVE-2025-13860 Easy Jump Links Menus <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Easy Jump Links Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the htags parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
PT-2025-49220
The Easy Jump Links Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the h tags parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
EUVD-2018-17950
Malware in sbrugna...
EUVD-2012-3786
Malware in sbrugna...
EUVD-2018-8085
Malware in sbrugna...
EUVD-2017-15136
Malware in sbrugna...
EUVD-2018-18628
Malware in sbrugna...
CVE-2023-26982
Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function...
CVE-2023-1016
The Intuitive Custom Post Order plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.4.1, due to insufficient escaping on the user supplied 'objects' and 'tags' parameters and lack of sufficient preparation in the 'updateoptions' function as well as the...
PT-2025-7592 · Phpress · Ppress
Name of the Vulnerable Software and Affected Versions: Ppress version 0.0.9 Description: A stored Cross-Site Scripting vulnerability in the "related recommendations" feature allows a remote attacker to execute arbitrary code via a crafted script to the article.title, article.category, and...
PT-2023-16691 · WordPress · Intuitive Custom Post Order
Name of the Vulnerable Software and Affected Versions: Intuitive Custom Post Order plugin for WordPress versions up to, and including, 3.1.3 Description: The issue arises from insufficient escaping on the user-supplied objects and tags parameters and a lack of sufficient preparation in the update...
Darwin Factor cross-site scripting vulnerability
Darwin Factor is a free and open source next-generation TypeScript framework from the U.S. company Darwin. It is used to create blogs, login pages and JamStack applications. Darwin Factor has a cross-site scripting vulnerability; the vulnerability stems from the vulnerability to reflected cross-sit...
CVE-2014-9917
An issue was discovered in Bilboplanet 2.0. There is a stored XSS vulnerability when adding a tag via the user/?page=tribes tags parameter...
Cross site scripting
An issue was discovered in Bilboplanet 2.0. There is a stored XSS vulnerability when adding a tag via the user/?page=tribes tags parameter...
CVE-2018-16233
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter...