2018 matches found
WordPress Popping Sidebars and Widgets Light plugin <= 1.27 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Popping Sidebars and Widgets Light versions = 1.27...
WordPress plugin Popping Sidebars and Widgets Light 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...
PT-2025-36192
Name of the Vulnerable Software and Affected Versions: OTWthemes Popping Sidebars and Widgets Light versions through 1.27 Description: A Cross-Site Request Forgery CSRF vulnerability exists in OTWthemes Popping Sidebars and Widgets Light, which also allows Reflected Cross-Site Scripting XSS...
CVE-2025-48354
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Smart Widgets Better Post & Filter Widgets for Elementor better-post-filter-widgets-for-elementor allows Stored XSS.This issue affects Better Post & Filter Widgets for Elementor: from n/a throug...
CVE-2025-48354
CVE-2025-48354 affects WordPress plugin Better Post & Filter Widgets for Elementor (WP Smart Widgets). The issue is a Stored XSS caused by improper input neutralization during web page generation, impacting versions up to 1.6.0 (sources also reference later patch info). CVSSv3.1 base score 6.5 (A...
WordPress plugin Better Post & Filter Widgets for Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2025-34962
Name of the Vulnerable Software and Affected Versions: Unlimited Elements For Elementor plugin for WordPress versions prior to 1.5.149 Description: The Unlimited Elements For Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting through multiple widgets. Insufficient input...
PT-2025-35023
Name of the Vulnerable Software and Affected Versions: WP Smart Widgets Better Post & Filter Widgets for Elementor versions through 1.6.0 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting XSS...
CVE-2025-8567
The Nexter Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 4.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
WordPress Better Post & Filter Widgets for Elementor plugin <= 1.6.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Abu Hurayra Patchstack Alliance in WordPress Plugin Better Post & Filter Widgets for Elementor versions = 1.6.1...
CVE-2025-8567
The Nexter Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 4.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
CVE-2025-8567 Nexter Blocks <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
The Nexter Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 4.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
CVE-2025-8567
CVE-2025-8567: Nexter Blocks (WordPress)
CVE-2025-8567 Nexter Blocks <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
The Nexter Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 4.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
MAL-2025-9230 Malicious code in @paysol-widgets/client (npm)
The package @paysol-widgets/client was found to contain malicious code...
MAL-2025-34248 Malicious code in sutterhealth-ui-toolkit-widgets (npm)
The package sutterhealth-ui-toolkit-widgets was found to contain malicious code...
Malicious code in sportstream-widgets (npm)
The package sportstream-widgets was found to contain malicious code...
MAL-2025-15555 Malicious code in beam-widgets (npm)
The package beam-widgets was found to contain malicious code...
Malicious code in @light-widgets/legacy (npm)
The package @light-widgets/legacy was found to contain malicious code...
Malicious code in anan-d-widgets (npm)
The package anan-d-widgets was found to contain malicious code...