CVE-2026-5425

The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'feeddata' parameter keys in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2026-1397

The PQ Addons – Creative Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on the htmltag parameter in the PQ Section Title widget. This...

CVE-2025-68595 WordPress Widgets for Social Photo Feed plugin <= 1.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Trustindex Widgets for Social Photo Feed social-photo-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widgets for Social Photo Feed: from n/a through = 1.8...

CVE-2025-68595 WordPress Widgets for Social Photo Feed plugin <= 1.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Trustindex Widgets for Social Photo Feed social-photo-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widgets for Social Photo Feed: from n/a through = 1.8...

EUVD-2011-5156

Malware in sbrugna...

EUVD-2025-30644

Malicious code in bioql PyPI...

EUVD-2024-36878

Malicious code in bioql PyPI...

EUVD-2025-26024

Malicious code in bioql PyPI...

CVE-2025-57989

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brajesh Singh WordPress Widgets Shortcode wp-widgets-shortcode allows Stored XSS.This issue affects WordPress Widgets Shortcode: from n/a through = 1.0.3...

CVE-2025-57989

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brajesh Singh WordPress Widgets Shortcode wp-widgets-shortcode allows Stored XSS.This issue affects WordPress Widgets Shortcode: from n/a through = 1.0.3...

CVE-2025-57989 WordPress WordPress Widgets Shortcode Plugin <= 1.0.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brajesh Singh WordPress Widgets Shortcode wp-widgets-shortcode allows Stored XSS.This issue affects WordPress Widgets Shortcode: from n/a through = 1.0.3...

CVE-2025-57989

CVE-2025-57989 is an Stored XSS in WordPress Widgets Shortcode (Authenticated) affecting WordPress Widgets Shortcode

PT-2025-38839

Name of the Vulnerable Software and Affected Versions Brajesh Singh WordPress Widgets Shortcode versions through 1.0.3 Description The software contains a flaw due to improper handling of input during the creation of web pages, specifically a Stored Cross-site Scripting issue. This allows for the...

PT-2025-37136

The Elements Plus! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Comparison, HotSpot Plus, and Google Maps widgets in all versions up to, and including, 2.16.4 due to insufficient input sanitization and output escaping on user supplied attributes. This...

CVE-2024-3638

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Marquee Text Widget, Testimonials Widget, and Testimonial Slider widgets in all versions up to, and including, 8.4.1 due to insufficient input sanitization and output escaping on us...

CVE-2024-37918

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPCone ConeBlog – WordPress Blog Widgets coneblog-widgets.This issue affects ConeBlog – WordPress Blog Widgets: from n/a through = 1.4.8...

WordPress plugin Widgets Reset 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress Widgets as Shortcodes plugin <= 5.9.10 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin Widgets as Shortcodes versions = 5.9.10...

PT-2024-27823 · WordPress · Coneblog – Wordpress Blog Widgets

Name of the Vulnerable Software and Affected Versions: ConeBlog – WordPress Blog Widgets versions 1.4.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...

CVE-2024-4342

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.975 due to insufficient input sanitization and...