22 matches found
CVE-2023-4521
The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue...
EUVD-2022-5504
Malicious code in bioql PyPI...
CVE-2021-25001
The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcjcreateproductsxmlresult parameter before outputting back in the admin dashboard when the Product XML Feeds module is enabled, leading to a Reflected Cross-Site Scripting issue...
WordPress plugin Import XML and RSS Feeds Code Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code injection vulnerability exists in th...
CVE-2023-39643
Bl Modules xmlfeeds before v3.9.8 was discovered to contain a SQL injection vulnerability via the component SearchApiXml::Xmlfeeds...
Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE
Description: The plugin contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue https://wpscan.com/vulnerability/d4220025-2272-4d5f-9703-4b2ac4a51c42 and not deletin...
GHSA-W5Q4-Q7WP-QWW6 Craft CMS XSS Vulnerability
Craft CMS before 3.1.31 does not properly filter XML feeds, thus allowing XSS...
Craft CMS XSS Vulnerability
Craft CMS before 3.1.31 does not properly filter XML feeds, thus allowing XSS...
CVE-2021-25001
The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcjcreateproductsxmlresult parameter before outputting back in the admin dashboard when the Product XML Feeds module is enabled, leading to a Reflected Cross-Site Scripting issue...
Cross site scripting
The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcjcreateproductsxmlresult parameter before outputting back in the admin dashboard when the Product XML Feeds module is enabled, leading to a Reflected Cross-Site Scripting issue...
Booster for WooCommerce < 5.4.9 - Reflected Cross-Site Scripting in Product XML Feeds Module
The plugin does not sanitise and escape the wcjcreateproductsxmlresult parameter before outputting back in the admin dashboard when the Product XML Feeds module is enabled, leading to a Reflected Cross-Site Scripting issue. The "Product XML Feeds" module needs to be enabled in "Woocommerce - Boost...
WordPress Booster for WooCommerce plugin <= 5.4.8 - Reflected Cross-Site Scripting (XSS) vulnerability in Product XML Feeds Module
Reflected Cross-Site Scripting (XSS) vulnerability in Product XML Feeds Module discovered by Jeremie Amsellem in WordPress Booster for WooCommerce plugin versions <= 5.4.8. Solution: Update the WordPress Booster for WooCommerce plugin to the latest available version (at least 5.4.9)...
Booster for WooCommerce < 5.4.9 - Reflected Cross-Site Scripting in Product XML Feeds Module
The plugin does not sanitise and escape the wcjcreateproductsxmlresult parameter before outputting back in the admin dashboard when the Product XML Feeds module is enabled, leading to a Reflected Cross-Site Scripting issue. PoC: The "Product XML Feeds" module needs to be enabled in "Woocommerce -...
Vulnerability fixed in IBM WebSphere Application Server
A vulnerability has been fixed in IBM WebSphere Application Server. The vulnerability allows a malicious party to obtain sensitive information and to potentially cause a denial of service. The attack on this vulnerability is known as an External Entity Injection (XXE) attack in which rogue co...
CVE-2019-12823
Craft CMS before 3.1.31 does not properly filter XML feeds, thus allowing XSS...
CVE-2019-12823
Craft CMS before 3.1.31 does not properly filter XML feeds, thus allowing XSS...
Cross site scripting
Craft CMS before 3.1.31 does not properly filter XML feeds, thus allowing XSS...
CVE-2019-12823
Craft CMS before 3.1.31 is vulnerable to cross-site scripting due to improper filtering of XML feeds. Affects Craft CMS core XML feed handling; attacker could inject and execute client-side scripts. CVSS metrics indicate MEDIUM severity (CVSS 3.1 base 6.1) with network access, no privileges requi...
CVE-2019-12823
Craft CMS before 3.1.31 does not properly filter XML feeds, thus allowing XSS...
RIG exploit kit campaign gets deep into crypto craze
There isn't a day that goes by without a headline about yet another massive spike in Bitcoin valuation, or a story about someone mortgaging their house to purchase the hardware required to become a serious cryptocurrency miner. If many folks are thinking about joining the 'crypto craze' movement,...