27 matches found
EUVD-2023-29437
Malicious code in bioql PyPI...
EUVD-2025-4013
Malicious code in bioql PyPI...
CVE-2022-4827
The WP Tiles WordPress plugin through 1.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2025-25073
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vasilis Triantafyllou Easy WP Tiles easy-wp-tiles allows Stored XSS.This issue affects Easy WP Tiles: from n/a through = 1...
CVE-2025-25073
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vasilis Triantafyllou Easy WP Tiles easy-wp-tiles allows Stored XSS.This issue affects Easy WP Tiles: from n/a through = 1...
CVE-2025-25073
CVE-2025-25073 describes a Stored XSS in Easy WP Tiles for WordPress, caused by improper input neutralization during web page generation. Affected: Easy WP Tiles versions n/a through 1. The provided documents do not include exploitation details or a confirmed patch/remediation version. Related so...
CVE-2025-25073 WordPress Easy WP Tiles plugin <= 1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vasilis Triantafyllou Easy WP Tiles allows Stored XSS. This issue affects Easy WP Tiles: from n/a through 1...
CVE-2025-25073 WordPress Easy WP Tiles plugin <= 1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vasilis Triantafyllou Easy WP Tiles easy-wp-tiles allows Stored XSS.This issue affects Easy WP Tiles: from n/a through = 1...
WordPress plugin Easy WP Tiles 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-5912 · WordPress · Easy Wp Tiles
Name of the Vulnerable Software and Affected Versions: Easy WP Tiles versions n/a through 1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicio...
WordPress Easy WP Tiles plugin <= 1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Pham Van Tam in WordPress Plugin Easy WP Tiles versions = 1...
CVE-2023-25482
Cross-Site Request Forgery CSRF vulnerability in Mike Martel WP Tiles plugin = 1.1.2 versions...
CVE-2023-25482 WordPress WP Tiles Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Mike Martel WP Tiles plugin = 1.1.2 versions...
CVE-2023-25482
CVE-2023-25482 is a CSRF vulnerability in the WordPress plugin WP Tiles (Mike Martel) affecting versions
WordPress Plugin wp-tiles 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
WordPress WP Tiles Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP Tiles Type Plugin Vulnerable versions = 1.1.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25482 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 46da7d675f17 Credits Mika Required privilege...
WP Tiles <= 1.1.2 - Cross-Site Request Forgery
The plugin does not properly validate and verify requests use nonces, leading to a Cross-Site Request Forgery CSRF vulnerability...
CVE-2023-1426
The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts to be displayed are not draft/private, allowing any authenticated users, such as subscriber to retrieve the titles of draft and privates posts for example. AN attacker could also retrieve the title of any other type of post...
Cross site scripting
The WP Tiles WordPress plugin through 1.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2022-4827
Summary: CVE-2022-4827 affects the WP Tiles WordPress plugin up to version 1.1.2. The vulnerability stems from insufficient validation/escaping of shortcode attributes, allowing stored XSS when a user with contributor+ privileges renders a page/post containing the shortcode. Impact is stored XSS ...