Shodan
Vulnerabilities
Vulnerable Software
Amauri:  Security Vulnerabilities
CVE-2025-4955
The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs without sanitizing these parameters correctly, which could allow users with the contributor role and above to perform Stored Cross-site Scripting attacks.
CVSS Score
4.7
EPSS Score
0.001
Published
2025-06-18
CVE-2025-31476
tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges (access to the site's source code or a CMS plugin) to enter a URL containing an insecure scheme such as javascript:alert(). Before the fix, URL validation was insufficient, which could allow arbitrary JavaScript execution if a user clicked on a malicious link. An attacker with high privileges could insert a link exploiting an insecure URL scheme, leading to execution of arbitrary JavaScript code, theft of sensitive data through phishing attacks, or modification of the user interface behavior. This vulnerability is fixed in 1.20.1.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-04-07
CVE-2024-13888
The WPMobile.App plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 11.56. This is due to insufficient validation on the redirect URL supplied via the 'redirect' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
CVSS Score
7.2
EPSS Score
0.007
Published
2025-02-20
CVE-2024-35694
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMobile.App allows Reflected XSS.This issue affects WPMobile.App: from n/a through 11.41.
CVSS Score
7.1
EPSS Score
0.002
Published
2024-06-08
CVE-2023-28932
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMobile.App WPMobile.App — Android and iOS Mobile Application plugin <= 11.20 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-05-10
CVE-2023-26010
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMobile.App plugin <= 11.18 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-05-04
CVE-2023-22702
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WPMobile.App WPMobile.App — Android and iOS Mobile Application plugin <= 11.13 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-03-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved