51 matches found
EUVD-2025-205664
A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown part of the file /home/editfood.php. This manipulation of the argument a/b/c/d causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public...
EUVD-2017-9663
Malware in sbrugna...
EUVD-2016-1968
Malware in sbrugna...
EUVD-2016-1920
Malware in sbrugna...
EUVD-2022-38827
Malicious code in bioql PyPI...
WordPress A/B Testing for WordPress plugin cross-site scripting vulnerability
WordPress A/B Testing for WordPress plugin is a plugin for A/B testing in WordPress websites, which is mainly used to help optimize website conversions by comparing the effects of different page elements such as titles, button colors, content, etc.. The WordPress A/B Testing for WordPress plugin...
CVE-2025-4587
The A/B Testing for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ab-testing-for-wp/ab-test-block' block in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on the 'id' parameter. This makes it...
WordPress A/B Testing for WordPress plugin <= 1.18.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Chuck in WordPress Plugin A/B Testing for WordPress versions = 1.18.2...
CVE-2025-4587 A/B Testing for WordPress <= 1.18.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The A/B Testing for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ab-testing-for-wp/ab-test-block' block in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on the 'id' parameter. This makes it...
CVE-2025-4587 A/B Testing for WordPress <= 1.18.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The A/B Testing for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ab-testing-for-wp/ab-test-block' block in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on the 'id' parameter. This makes it...
Malicious code in kwp-a-b-testing (npm)
The package communicates with a domain associated with malicious activity...
CVE-2024-13868
The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress A/B Image Optimizer 3.3 Plugin Arbitrary File Download Vulnerability
WordPress Plugin A/B Image Optimizer plugin versions 3.3 and below suffers from an arbitrary file download vulnerability. CVE-2025-25163 Plugin A/B Image Optimizer = 3.3 - Authenticated Subscriber+ Arbitrary File Download Description The Plugin A/B Image Optimizer plugin for WordPress is vulnerab...
CVE-2025-25163
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Zach Swetz Plugin A/B Image Optimizer images-optimizer allows Path Traversal.This issue affects Plugin A/B Image Optimizer: from n/a through = 3.3...
CVE-2025-25163
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Zach Swetz Plugin A/B Image Optimizer images-optimizer allows Path Traversal.This issue affects Plugin A/B Image Optimizer: from n/a through = 3.3...
CVE-2025-25163
CVE-2025-25163 affects WordPress Plugin A/B Image Optimizer (versions up to 3.3). The vulnerability is a Path Traversal (improper limitation of a pathname to a restricted directory) that can enable an attacker to download arbitrary server files. Public PoCs demonstrate exploitation via authentica...
CVE-2022-36065
GrowthBook is an open-source platform for feature flagging and A/B testing. With some self-hosted configurations in versions prior to 2022-08-29, attackers can register new accounts and upload files to arbitrary directories within the container. If the attacker uploads a Python script to the righ...
frood, an Alpine initramfs NAS
My NAS, frood, has a bit of a weird setup. It’s just one big initramfs containing a whole Alpine Linux system. It’s delightful and I am not sure why it’s not more common. As long as the bootloader can find the kernel and initramfs, the machine comes up cleanly. A/B deployments and rollbacks are...
Google Search user interface: A/B testing shows security concerns remain
For the past few days, Google has been A/B testing some subtle visual changes to its user interface for the search results page. You may only get the new UI for certain types of searches or based on your current geolocation. This test is not to be confused with but could part of a previously...
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-063)
The version of kernel installed on the remote host is prior to 5.4.110-54.189. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.4-2024-063 advisory. In the Linux kernel, the following vulnerability has been resolved: locking/qrwlock: Fix ordering in...