10 matches found
EUVD-2025-15350
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
tarteaucitron-wp is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient input sanitization, which allows author-level users to inject arbitrary HTML into posts or pages...
CVE-2024-11718
The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
GHSA-FXPC-QMRH-7J2H tarteaucitron-wp WordPress Plugin Vulnerable to Stored Cross-Site Scripting
The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-11718
The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-11718
The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-11718
The CVE concerns tarteaucitron-wp WordPress plugin prior to version 0.3.0. Affected scenario: author level and above users can insert HTML into a post/page, enabling Stored XSS for users with contributor role or higher. Impact stated as Stored XSS (content/script injection) with potential to affe...
WordPress plugin tarteaucitron-wp security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress plugin tarteaucitron-wp security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2025-21424 · WordPress · Tarteaucitron-Wp
Name of the Vulnerable Software and Affected Versions: tarteaucitron-wp WordPress plugin versions prior to 0.3.0. Description: The issue concerns a lack of CSRF check in some areas and missing sanitization as well as escaping. This could allow attackers to make logged-in admins add Stored XSS...