39 matches found
EUVD-2021-11285
Malware in sbrugna...
EUVD-2017-6215
Malware in sbrugna...
EUVD-2016-1907
Malware in sbrugna...
EUVD-2014-4521
Malware in sbrugna...
CVE-2025-8064 Bible SuperSearch <= 6.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via selector_height Parameter
The Bible SuperSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘selector_height’ parameter in all versions up to, and including, 6.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-52798
CVE-2025-52798 is a Reflected XSS in the WordPress JobSearch plugin. The issue arises from improper input neutralization during web page generation, enabling an attacker to inject scripts via the JobSearch UI. Affected software: WordPress JobSearch (plugin) versions up to 2.9.0. CVSS v3.1 base sc...
WordPress DearFlip plugin <= 2.3.65 - DOM-Based Reflected Cross-Site Scripting via 'pdf-source' vulnerability
DOM-Based Reflected Cross-Site Scripting via 'pdf-source' vulnerability discovered by Martin Herancourt in WordPress Plugin DearFlip versions <= 2.3.65...
CVE-2025-50048 WordPress Automatically Hierarchic Categories in Menu plugin <= 2.0.9 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Atakan Au Automatically Hierarchic Categories in Menu allows Stored XSS. This issue affects Automatically Hierarchic Categories in Menu: from n/a through 2.0.9...
CVE-2025-31638 WordPress Spare <= 1.7 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themeton Spare allows Reflected XSS. This issue affects Spare: from n/a through 1.7...
CVE-2024-6339
The Phlox PRO theme for WordPress is vulnerable to Reflected Cross-Site Scripting via search parameters in all versions up to, and including, 5.16.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2021-24351
The theplusmorepost AJAX action of The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.12 did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting exploitable on both unauthenticated and authenticated users...
CVE-2020-27356
The debug-meta-data plugin 1.1.2 for WordPress allows XSS...
CVE-2009-3891
Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable)...
CVE-2025-1289
The CVE-2025-1289 entry concerns the Plugin Oficial WordPress plugin up to version 1.7.3. The vulnerability is a stored XSS risk caused by insufficient sanitisation/escaping of certain settings, enabling high-privilege users (e.g., admins) to inject XSS even when unfiltered_html is disallowed (no...
CVE-2025-47443 WordPress Widget Countdown plugin <= 2.7.4 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdevart Widget Countdown widget-countdown allows Stored XSS. This issue affects Widget Countdown: from n/a through <= 2.7.4...
CVE-2025-46471 WordPress WP Custom Post Popup plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gnanavelshenll WP Custom Post Popup custom-post-popup allows DOM-Based XSS. This issue affects WP Custom Post Popup: from n/a through <= 1.0.1...
PT-2025-17840 · WordPress · Wp-Recaptcha-Bp
Name of the Vulnerable Software and Affected Versions: WP-reCAPTCHA-bp versions n/a through 4.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Stored XSS. This means that an attacker can inject...
CVE-2025-46228 WordPress Event post plugin <= 5.9.11 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bastien Ho Event post event-post allows DOM-Based XSS. This issue affects Event post: from n/a through <= 5.9.11...
CVE-2025-32592 WordPress TableOn Plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 TableOn posts-table-filterable allows Stored XSS. This issue affects TableOn: from n/a through <= 1.0.3...
PT-2025-17167 · WordPress · Wpfactory Product Excel Import Export & Bulk Edit For Woocommerce
Name of the Vulnerable Software and Affected Versions: WPFactory Product Excel Import Export & Bulk Edit for WooCommerce versions n/a through 4.7 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows...