WordPress TopBar plugin cross-site request forgery vulnerability

WordPress TopBar plugin is a plugin for adding a notification bar at the top of your website, mainly used to display messages, links or promotional content to help users attract attention and increase conversions. The WordPress TopBar plugin suffers from a cross-site request forgery vulnerability...

CVE-2025-10300

The TopBar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the fmenbtopbarsavesettings function. This makes it possible for unauthenticated attackers to update the plugin's settin...

CVE-2025-10300 TopBar <= 1.0.0 - Cross-Site Request Forgery to Settings Update

The TopBar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the fmenbtopbarsavesettings function. This makes it possible for unauthenticated attackers to update the plugin's settin...

CVE-2025-10300 TopBar <= 1.0.0 - Cross-Site Request Forgery to Settings Update

The TopBar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the fmenbtopbarsavesettings function. This makes it possible for unauthenticated attackers to update the plugin's settin...

EUVD-2025-34551

The TopBar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the fmenbtopbarsavesettings function. This makes it possible for unauthenticated attackers to update the plugin's settin...

WordPress TopBar plugin <= 1.0.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by jsonc in WordPress Plugin TopBar versions = 1.0.0...

EUVD-2025-29087

Malicious code in bioql PyPI...

EUVD-2023-27910

Malicious code in bioql PyPI...

EUVD-2023-27767

Malicious code in bioql PyPI...

EUVD-2024-45689

Malicious code in bioql PyPI...

Unmark searchform.php file cross-site scripting vulnerability

Unmark is an open source to-do list application for bookmarking. Unmark 1.9.3 and earlier versions suffer from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by parameter q in the file...

CVE-2025-10330

A flaw has been found in cdevroe unmark up to 1.9.3. This vulnerability affects unknown code of the file application/views/layouts/topbar/searchform.php. This manipulation of the argument q causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published...

CVE-2025-10330 cdevroe unmark searchform.php cross site scripting

A flaw has been found in cdevroe unmark up to 1.9.3. This vulnerability affects unknown code of the file application/views/layouts/topbar/searchform.php. This manipulation of the argument q causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published...

Malicious code in finnlet-topbar-minimal (npm)

The package finnlet-topbar-minimal was found to contain malicious code...

MAL-2025-20578 Malicious code in finnlet-topbar-minimal (npm)

The package finnlet-topbar-minimal was found to contain malicious code...

MAL-2025-20577 Malicious code in finnlet-topbar (npm)

The package finnlet-topbar was found to contain malicious code...

Malicious code in finnlet-topbar (npm)

The package finnlet-topbar was found to contain malicious code...

CVE-2024-51894

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in reyzua Topbar ID for Elementor topbar-id-for-elementor allows DOM-Based XSS.This issue affects Topbar ID for Elementor: from n/a through = 1.0.1...

CVE-2024-51894

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in reyzua Topbar ID for Elementor topbar-id-for-elementor allows DOM-Based XSS.This issue affects Topbar ID for Elementor: from n/a through = 1.0.1...

CVE-2024-51894 WordPress Topbar ID for Elementor plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Reyzua Topbar ID for Elementor allows DOM-Based XSS.This issue affects Topbar ID for Elementor: from n/a through 1.0.1...