92 matches found
EUVD-2024-48949
Malicious code in bioql PyPI...
EUVD-2024-48951
Malicious code in bioql PyPI...
EUVD-2024-48942
Malicious code in bioql PyPI...
EUVD-2024-48952
Malicious code in bioql PyPI...
EUVD-2024-49873
Malicious code in bioql PyPI...
EUVD-2024-51671
Malicious code in bioql PyPI...
EUVD-2024-48940
Malicious code in bioql PyPI...
EUVD-2024-34339
Malicious code in bioql PyPI...
WordPress WP Extended plugin <= 3.0.15 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by rajanhoyr in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions = 3.0.15...
CVE-2024-8119
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...
CVE-2024-8117
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘selectedoption’ parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticat...
CVE-2024-8123
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.0.8 via the duplicatepost function due to missing validation on a user controlled key. This makes it possible for authenticated attackers...
CVE-2025-30796
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended wpextended allows Reflected XSS.This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through = 3.0.14...
CVE-2025-30796
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended wpextended allows Reflected XSS.This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through = 3.0.14...
CVE-2025-30796 WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.14 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended wpextended allows Reflected XSS.This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through = 3.0.14...
CVE-2025-30796
CVE-2025-30796 in The Ultimate WordPress Toolkit – WP Extended (up to 3.0.14) is a reflected XSS vulnerability caused by improper neutralization of input during web page generation. The CVSS‑3.1 base score is 7.1 (HIGH) with NETWORK attack vector, LOW confidentiality/integrity/availability impact...
WordPress plugin The Ultimate WordPress Toolkit – WP Extended 跨站脚本漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPre...
PT-2025-14047 · WordPress · Wp Extended
Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Toolkit – WP Extended versions n/a through 3.0.14 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS...
WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.14 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions = 3.0.14...
CVE-2024-13554
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reorderroute function in all versions up to, and including, 3.0.13. This makes it possible for unauthenticated attackers to reorder pos...