23 matches found
WordPress enhanced-tooltipglossary 3.2.8 - Cross-Site Scripting
WordPress enhanced-tooltipglossary 3.2.8 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...
EUVD-2018-17436
Malware in sbrugna...
EUVD-2020-22887
Malware in sbrugna...
EUVD-2019-19266
Malware in sbrugna...
EUVD-2021-11161
Malware in sbrugna...
EUVD-2019-16335
Malware in sbrugna...
EUVD-2018-17432
Malware in sbrugna...
CVE-2025-50013 WordPress CSV Importer Improved plugin <= 0.6.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jason Judge CSV Importer Improved allows Stored XSS. This issue affects CSV Importer Improved: from n/a through 0.6.1...
CVE-2025-50048 WordPress Automatically Hierarchic Categories in Menu plugin <= 2.0.9 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Atakan Au Automatically Hierarchic Categories in Menu allows Stored XSS. This issue affects Automatically Hierarchic Categories in Menu: from n/a through 2.0.9...
CVE-2025-52782 WordPress Scroll UP plugin <= 2.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in King Rayhan Scroll UP scroll-to-up allows Reflected XSS. This issue affects Scroll UP: from n/a through <= 2.0...
CVE-2025-31900 WordPress Lexicata plugin <= 1.0.16 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in lexicata Lexicata lexicata allows Reflected XSS. This issue affects Lexicata: from n/a through <= 1.0.16...
CVE-2025-31851 WordPress Beds24 Online Booking plugin <= 2.0.26 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in markkinchin Beds24 Online Booking allows Stored XSS. This issue affects Beds24 Online Booking: from n/a through 2.0.26...
CVE-2025-26551 WordPress Bootstrap collapse plugin <= 1.0.4 - CSRF to Stored Cross-Site Scripting vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sureshdsk Bootstrap collapse bootstrap-collapse allows Stored XSS. This issue affects Bootstrap collapse: from n/a through <= 1.0.4...
PT-2025-1995 · WordPress · Wp Finance
Name of the Vulnerable Software and Affected Versions: WP Finance WordPress plugin versions 1.3.6 and earlier Description: The issue concerns the lack of CSRF checks in certain areas of the plugin, along with missing sanitization and escaping. This could allow attackers to make logged-in admins a...
PT-2024-21146 · WordPress · Wp Shortcodes Plugin
Name of the Vulnerable Software and Affected Versions: WP Shortcodes Plugin versions prior to 7.0.5 Description: The issue arises from the improper escaping of some shortcode attributes, which can be exploited by users with the contributor role to conduct Stored XSS attacks. This affects over...
CVE-2023-28751 WordPress Wp Ultimate Review Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.0.3 versions...
OSM – OpenStreetMap <= 6.01 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC osmmap mapborder='3px solid black;background:red;width:100px;height:100px;" onmouseover="alert1"'...
Olevmedia Shortcodes <= 1.1.9 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC button style='"...
Shortcode for Font Awesome < 1.4.1 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC fa set='" onmouseover="alert1"...
WordPrezi < 0.9 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC prezi url="https://prezi.com/'...