38 matches found
EUVD-2021-24814
Malware in sbrugna...
EUVD-2015-1100
Malware in sbrugna...
EUVD-2014-1264
Malware in sbrugna...
EUVD-2021-23424
Malware in sbrugna...
EUVD-2025-19685
Malicious code in bioql PyPI...
EUVD-2024-17123
Malicious code in bioql PyPI...
EUVD-2024-50074
Malicious code in bioql PyPI...
EUVD-2025-8113
Malicious code in bioql PyPI...
EUVD-2024-51709
Malicious code in bioql PyPI...
EUVD-2024-46345
Malicious code in bioql PyPI...
EUVD-2024-49901
Malicious code in bioql PyPI...
EUVD-2024-49333
Malicious code in bioql PyPI...
EUVD-2025-17111
Malicious code in bioql PyPI...
CVE-2025-6831 User Registration <= 4.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via urcr_restrict Shortcode
The User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's urcrrestrict shortcode in all versions up to, and including, 4.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2025-26913 · WordPress · Wp Masonry & Infinite Scroll
Name of the Vulnerable Software and Affected Versions: WP Masonry & Infinite Scroll plugin for WordPress versions up to, and including, 2.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'wmis' shortcode due to insufficient input sanitization and output escaping...
CVE-2025-5585
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-url DOM Element Attribute in all versions up to, and including, 1.68.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-50037 WordPress Buying Buddy IDX CRM plugin <= 2.3.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Buying Buddy Buying Buddy IDX CRM allows DOM-Based XSS. This issue affects Buying Buddy IDX CRM: from n/a through 2.3.0...
CVE-2025-5841
The ACF Onyx Poll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access a...
CVE-2025-5122
The Map Block Leaflet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2024-13386
The quote-posttype-plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Author field in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...