182 matches found
WordPress Social Links plugin <= 1.0.11 - Stored Cross-Site Scripting vulnerability
Stored Cross-Site Scripting vulnerability discovered by Abdi Pranata in WordPress Plugin Social Links versions = 1.0.11...
CVE-2025-23933
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpfreeware WpF Ultimate Carousel wpf-ultimate-carousel allows Stored XSS.This issue affects WpF Ultimate Carousel: from n/a through = 1.0.11...
WordPress Salvador – AI Image Generator plugin <= 1.0.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Mika in WordPress Plugin Salvador – AI Image Generator versions = 1.0.11...
WordPress WpF Ultimate Carousel plugin <= 1.0.11 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin WpF Ultimate Carousel versions = 1.0.11...
WordPress plugin WpF Ultimate Carousel 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-5230 · Awcode +1 · Awcode +2
Name of the Vulnerable Software and Affected Versions: Salvador – AI Image Generator versions 1.0.11 and earlier Description: The issue is related to a missing authorization vulnerability in AWcode and KingfisherFox Salvador – AI Image Generator, which allows the exploitation of incorrectly...
CVE-2025-22752
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GSheetConnector GSheetConnector for Forminator Forms allows Reflected XSS.This issue affects GSheetConnector for Forminator Forms: from n/a through 1.0.11...
WordPress plugin GSheetConnector for Forminator Forms 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2025-4673 · Unknown · Gsheetconnector For Forminator Forms
Name of the Vulnerable Software and Affected Versions: GSheetConnector for Forminator Forms versions 1.0.11 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting XSS. This enables attackers to inje...
CVE-2024-52793 XSS vulnerability in serveDir API of @std/http/file-server on POSIX systems
The Deno Standard Library provides APIs for Deno and the Web. Prior to version 1.0.11, http/file-server's serveDir with showDirListing: true option is vulnerable to cross-site scripting when the attacker is a user who can control file names in the source directory on systems with POSIX file names...
CVE-2024-52793
The CVE affects the Deno Standard Library, specifically http/file-server.serveDir with showDirListing: true on POSIX systems, where file names controlled by an attacker can trigger cross-site scripting. Versions prior to 1.0.11 are affected; 1.0.11 fixes the issue. Exploitation is documented as p...
Tenable Sensor Proxy < 1.0.11 (TNS-2024-18)
According to its self-reported version, the Tenable Sensor Proxy running on the remote host is prior to 1.0.11. It is, therefore, affected by a vulnerability as referenced in the TNS-2024-18 advisory. - Sensor Proxy leverages third-party software to help provide underlying functionality. One of t...
PT-2024-33601 · Unknown · Rafasashi Svg Captcha
Name of the Vulnerable Software and Affected Versions: rafasashi SVG Captcha versions 1.0.11 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations: For...
PT-2024-30467 · Unknown · Bert Kößler Movie Database
Name of the Vulnerable Software and Affected Versions: Bert Kößler Movie Database versions n/a through 1.0.11 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...
CVE-2024-43226
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Jeroen Sormani WP Dashboard Notes allows Stored XSS.This issue affects WP Dashboard Notes: from n/a through 1.0.11...
WordPress WP Dashboard Notes plugin <= 1.0.11 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by justakazh Patchstack Alliance in WordPress Plugin WP Dashboard Notes versions = 1.0.11...
PT-2024-37747 · WordPress · Meks Video Importer
Name of the Vulnerable Software and Affected Versions: Meks Video Importer plugin for WordPress versions up to, and including, 1.0.11 Description: The issue arises from a missing capability check on the ajax save settings function, allowing authenticated attackers with Subscriber-level access and...
PT-2024-27081 · Alexbinary · Object-Deep-Assign
Name of the Vulnerable Software and Affected Versions: alexbinary object-deep-assign version 1.0.11 Description: The issue concerns a Prototype Pollution vulnerability via the extend method of Module.deepAssign, located in /src/index.js. Recommendations: For alexbinary object-deep-assign version...
object-deep-assign security vulnerability
object-deep-assign is a library by Alex Binary Personal Developer. A security vulnerability exists in object-deep-assign version 1.0.11, which stems from easy prototype contamination via extend in Module.deepAssign /src/index.js...
Malicious code in test-pkg-blabla (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 83b007683c452075ec2dfb23b7de20d38b8d28441ce63b4745fd114bba008a94 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...