CVE-2025-58020 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 1 month, 2 weeks ago by @mweinelt Activity log Created automatic suggestion 2 months, 3 weeks ago @mweinelt removed package haskellPackages.theatre-dev 1 month, 2 weeks ago @mweinelt dismissed 1 month, 2 weeks ago WordPress Theater for WordPress Plugin <= 0.18.8 - Cross Site Scripting (XSS) Vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress allows Stored XSS. This issue affects Theater for WordPress: from n/a through 0.18.8. Affected products theatre =<0.18.8 Matching in nixpkgs
CVE-2025-58652 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 1 month, 2 weeks ago by @mweinelt Activity log Created automatic suggestion 2 months, 3 weeks ago @mweinelt removed package haskellPackages.data-carousel 1 month, 2 weeks ago @mweinelt dismissed 1 month, 2 weeks ago WordPress Carousel Ultimate Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Carousel Ultimate allows Stored XSS. This issue affects Carousel Ultimate: from n/a through 1.8. Affected products carousel =<1.8 Matching in nixpkgs