14 matches found
EUVD-2025-18255
Malicious code in bioql PyPI...
EUVD-2024-27696
Malicious code in bioql PyPI...
CVE-2025-7809
The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
WordPress Track, Analyze & Optimize by WP Tao plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Ryan Novotny in WordPress Plugin Track, Analyze & Optimize by WP Tao versions = 1.3...
CVE-2024-5763
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the videodate attribute within the plugin's Video widget in all versions up to, and including, 5.6.2 due to insufficient inpu...
CVE-2015-10101
A vulnerability classified as problematic was found in Google Analytics Top Content Widget Plugin up to 1.5.6 on WordPress. Affected by this vulnerability is an unknown functionality of the file class-tgm-plugin-activation.php. The manipulation leads to cross site scripting. The attack can be...
CVE-2024-13619
The CVE-2024-13619 entry concerns the WordPress plugin LifterLMS prior to 8.0.1. The vulnerability is a Reflected XSS caused by insufficient sanitisation/escaping of an input parameter before it is echoed back on the page, which could impact high-privilege users such as admins. Public references ...
CVE-2025-32588 WordPress Credova_Financial plugin <= 2.4.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Credova Financial CredovaFinancial allows Reflected XSS. This issue affects CredovaFinancial: from n/a through 2.4.8...
CVE-2025-23704 WordPress Your Lightbox plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Reuven Karasik Your Lightbox your-lightbox allows Reflected XSS.This issue affects Your Lightbox: from n/a through = 1.0...
CVE-2025-23897 WordPress Apply with LinkedIn buttons plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ivobrett Apply with LinkedIn buttons apply-with-linkedin-buttons allows DOM-Based XSS.This issue affects Apply with LinkedIn buttons: from n/a through = 2.3...
CVE-2024-11427
CVE-2024-11427 affects the WordPress Catch Popup plugin (versions
CVE-2021-24559 Qyrr < 0.7 - Authenticated (contributor+) Stored XSS
The Qyrr WordPress plugin before 0.7 does not escape the data-uri of the QR Code when outputting it in a src attribute, allowing for Cross-Site Scripting attacks. Furthermore, the datauritometa AJAX action, available to all authenticated users, only had a CSRF check in place, with the nonce...
CVE-2023-25462 WordPress WP htaccess Control Plugin <= 3.5.1 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WP htaccess Control plugin = 3.5.1 versions...
CVE-2021-38350 spideranalyse <= 0.0.1 Reflected Cross-Site Scripting
The spideranalyse WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the date parameter found in the /analyse/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.1...