Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Dismissed
Permalink CVE-2025-53338
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 4 months, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 6 months ago
  • @LeSuisse removed
    23 packages
    • replace
    • fireplace
    • qsreplace
    • replacement
    • replace-secret
    • haskellPackages.replace-attoparsec
    • haskellPackages.replace-megaparsec
    • haskellPackages.text-regex-replace
    • tests.substitute.legacySingleReplace
    • tests.replaceVars.replaceVars.succeeds
    • tests.replaceVars.replaceVarsWith.succeeds
    • tests.replaceVars.replaceVars.fails-on-directory
    • tests.replaceVars.replaceVars.fails-in-build-phase
    • tests.replaceVars.replaceVars.fails-in-check-phase
    • tests.replaceVars.replaceVarsWith.fails-on-directory
    • tests.replaceVars.replaceVars.succeeds-with-exemption
    • tests.replaceVars.replaceVarsWith.fails-in-build-phase
    • tests.replaceVars.replaceVarsWith.fails-in-check-phase
    • tests.replaceVars.replaceVarsWith.succeeds-with-exemption
    • tests.replaceVars.replaceVars.fails-in-check-phase-with-exemption
    • tests.replaceVars.replaceVars.fails-in-check-phase-with-bad-exemption
    • tests.replaceVars.replaceVarsWith.fails-in-check-phase-with-exemption
    • tests.replaceVars.replaceVarsWith.fails-in-check-phase-with-bad-exemption
    4 months, 2 weeks ago
  • @LeSuisse dismissed 4 months, 2 weeks ago
WordPress re.place plugin <= 0.2.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in dor re.place allows Stored XSS. This issue affects re.place: from n/a through 0.2.1.

References

Affected products

replace
  • =<0.2.1