117 matches found
CVE-2018-6002
The Soundy Background Music plugin 3.9 and below for WordPress has Cross-Site Scripting via soundy-background-music\templates\front-end.php warsoundypreview parameter...
EUVD-2021-11515
Malware in sbrugna...
EUVD-2019-7789
Malware in sbrugna...
EUVD-2022-24893
Malicious code in bioql PyPI...
EUVD-2022-24629
Malicious code in bioql PyPI...
EUVD-2022-35080
Malicious code in bioql PyPI...
WordPress Multimedia Playlist Slider Addon for WPBakery Page Builder Plugin <= 2.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Multimedia Playlist Slider Addon for WPBakery Page Builder versions = 2.1...
CVE-2025-8317
The Custom Word Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘angle’ parameter in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...
WordPress The Plus Addons for Elementor Page Builder Lite plugin <= 6.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 6.3.10...
WordPress Integration for Contact Form 7 and Constant Contact Plugin plugin <= 1.1.7 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin Integration for Contact Form 7 and Constant Contact versions = 1.1.7...
WordPress Supermalink <= 1.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Chu The Anh Blue Rock in WordPress Plugin Supermalink versions = 1.1...
WordPress Wonder Slider Lite plugin <= 14.4 - Authenticated (Contributor+) Dom-based Stored Cross-Site Scripting
Authenticated Contributor+ Dom-based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Wonder Slider Lite versions = 14.4...
WordPress WP Get The Table plugin <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via url Parameter vulnerability discovered by Gilang in WordPress Plugin WP Get The Table versions = 1.5...
WordPress Get Youtube Subs plugin <= 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via subscribe_link_att Function vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via subscribelinkatt Function vulnerability discovered by Peter Thaleikis in WordPress Plugin Get Youtube Subs versions = 3.5...
WordPress Structured Content plugin <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via sc_fs_local_business Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via scfslocalbusiness Shortcode vulnerability discovered by muhammad yudha in WordPress Plugin Structured Content versions = 1.6.4...
WordPress Fleetwire Fleet Management Plugin plugin <= 1.0.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via fleetwire_list Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via fleetwirelist Shortcode vulnerability discovered by Gilang in WordPress Plugin Fleetwire Fleet Management versions = 1.0.19...
WordPress User Registration plugin <= 4.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via urcr_restrict Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via urcrrestrict Shortcode vulnerability discovered by muhammad yudha in WordPress Plugin User Registration versions = 4.2.4...
WordPress Ebook Store plugin <= 5.8012 - Authenticated (Administrator+) Stored Cross-Site Scripting via Order Details vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via Order Details vulnerability discovered by Bee in WordPress Plugin Ebook Store versions = 5.8012...
WordPress ThemeREX Addons plugin <= 2.35.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trx_addons_get_svg_from_file Function vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via trxaddonsgetsvgfromfile Function vulnerability discovered by stealthcopter in WordPress Plugin ThemeREX Addons versions = 2.35.1.1...
WordPress Temporarily Hidden Content plugin <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin Temporarily Hidden Content versions = 1.0.6...