30 matches found
changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error Response
Summary: Three security vulnerabilities were identified in changedetection.io through source code review and live validation against a locally deployed Docker instance. All vulnerabilities were confirmed exploitable on the latest version, 0.53.6; it was additionally validated at scale against 500...
CVE-2019-12823
Craft CMS before 3.1.31 does not properly filter XML feeds, thus allowing XSS...
EUVD-2025-21610
Malicious code in bioql PyPI...
CVE-2025-49887
Improper Control of Generation of Code ('Code Injection') vulnerability in WPFactory Product XML Feed Manager for WooCommerce (product-xml-feeds-for-woocommerce) allows Remote Code Inclusion. This issue affects Product XML Feed Manager for WooCommerce: from n/a through <= 2.9.3...
CVE-2025-49887 WordPress Product XML Feed Manager for WooCommerce Plugin <= 2.9.3 - Remote Code Execution (RCE) Vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in WPFactory Product XML Feed Manager for WooCommerce allows Remote Code Inclusion. This issue affects Product XML Feed Manager for WooCommerce: from n/a through 2.9.3...
WordPress plugin Product XML Feed Manager for WooCommerce code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...
WordPress Product XML Feed Manager for WooCommerce Missing Authorization Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A lack of authorization vulnerability exists in WordPress Product XML Feed Manager for WooCommerce, which can be exploited by an attacker to cause the exploitation of a...
CVE-2025-30959
Missing Authorization vulnerability in WPFactory Product XML Feed Manager for WooCommerce (product-xml-feeds-for-woocommerce) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product XML Feed Manager for WooCommerce: from n/a through <= 2.9.2...
CVE-2025-30959 WordPress Product XML Feed Manager for WooCommerce <= 2.9.2 - Broken Access Control Vulnerability
Missing Authorization vulnerability in WPFactory Product XML Feed Manager for WooCommerce (product-xml-feeds-for-woocommerce) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product XML Feed Manager for WooCommerce: from n/a through <= 2.9.2...
PT-2025-29788 · WordPress · Wpfactory Product Xml Feed Manager For Woocommerce
Name of the Vulnerable Software and Affected Versions: WPFactory Product XML Feed Manager for WooCommerce versions through 2.9.2 Description: The software contains a missing authorization flaw due to incorrectly configured access control security levels. Recommendations: Update WPFactory Product...
GHSA-CC65-XXVF-F7R9 Scrapy vulnerable to ReDoS via XMLFeedSpider
Impact: The following parts of the Scrapy API were found to be vulnerable to a ReDoS attack: - The XMLFeedSpider class or any subclass that uses the default node iterator: iternodes, as well as direct uses of the scrapy.utils.iterators.xmliter function. - Scrapy 2.6.0 to 2.11.0: The open_in_browser...
WordPress WordPress Expert Agent XML Feed Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS)
Software: WordPress Expert Agent XML Feed; Type: Plugin; Vulnerable versions: <= 2.1.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 09eb8ef56aa2; Credits: Rafie Muhammad...
SQL injection
The test parameter of the xmlfeed in the Tradetracker-Store WordPress plugin before 4.6.60 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection...
WordPress plugin Tradetracker-Store SQL injection vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Tradetracker-Store has a SQL injection vulnerability, which stems from the fact that the test parameters o...
WordPress WordPress Expert Agent XML Feed plugin <= 2.1.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WordPress Expert Agent XML Feed plugin versions <= 2.1.3. Solution: No patched version available...
WordPress WordPress Expert Agent XML Feed plugin <= 2.1.3 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WordPress Expert Agent XML Feed plugin versions <= 2.1.3. Solution: No patched version available...
WordPress server-side request forgery vulnerability (CNVD-2021-59066)
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. import-xml-feed of WordPress is vulnerable to server-side request forgery. No detailed vulnerability...
WordPress code issue vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. import-xml-feed of WordPress is vulnerable to server-side request forgery. No detailed vulnerability...
Open-Xchange: [XSS] RSS Feed Widget
Hi. If type == null OR type any not htm, xhtm then data not sanitize, e.g.: - - - RssAction.java: java for SyndContent content : contents String type = content.getType; if null != type && type.startsWith"htm" || type.startsWith"xhtm" foundHtml = true; String htmlContent =...