EUVD-2016-10897

WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send requests to the admin-ajax.php endpoint wit...

CVE-2016-20069 WordPress Booking Calendar Contact Form 1.0.23 SQL Injection

WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to...

CVE-2026-3651

The Build App Online plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.23. This is due to the plugin registering the 'build-app-online-update-vendor-product' AJAX action via wpajaxnopriv without proper authentication checks, capability verificatio...

CVE-2026-24605

Missing Authorization vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects X Addons for Elementor: from n/a through = 1.0.23...

CVE-2026-24605 WordPress X Addons for Elementor plugin <= 1.0.23 - Broken Access Control vulnerability

Missing Authorization vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects X Addons for Elementor: from n/a through = 1.0.23...

CVE-2026-24605

Missing Authorization vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects X Addons for Elementor: from n/a through = 1.0.23...

CVE-2026-24605 WordPress X Addons for Elementor plugin <= 1.0.23 - Broken Access Control vulnerability

Missing Authorization vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects X Addons for Elementor: from n/a through = 1.0.23...

PT-2026-4439

Name of the Vulnerable Software and Affected Versions X Addons for Elementor versions through 1.0.23 Description An issue exists in X Addons for Elementor where incorrectly configured access control security levels can be exploited, leading to a missing authorization condition. The vulnerability...

WordPress plugin X Addons for Elementor has security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to th...

CVE-2026-22518

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows DOM-Based XSS.This issue affects X Addons for Elementor: from n/a through = 1.0.23...

CVE-2026-22518

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows DOM-Based XSS.This issue affects X Addons for Elementor: from n/a through = 1.0.23...

CVE-2026-22518

CVE-2026-22518 : The X Addons for Elementor plugin is affected by a DOM-based XSS vulnerability (Improper Neutralization of Input During Web Page Generation). The CVE covers X Addons for Elementor versions

PT-2026-2195

Name of the Vulnerable Software and Affected Versions pencilwp X Addons for Elementor versions through 1.0.23 Description An issue exists in pencilwp X Addons for Elementor that allows for DOM-Based Cross-site Scripting XSS. This is due to improper neutralization of input during web page...

WordPress plugin X Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

WordPress X Addons for Elementor plugin <= 1.0.23 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abu Hurayra in WordPress Plugin X Addons for Elementor versions = 1.0.23...

WordPress Spexo Addons for Elementor plugin <= 1.0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by zer0gh0st in WordPress Plugin Sastra Essential Addons for Elementor versions = 1.0.23...

WordPress AI Feeds plugin <= 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aife_post_meta' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'aifepostmeta' Shortcode vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin AI Feeds versions = 1.0.22...

WordPress Tiktok Feed plugin <= 1.0.23 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Tiktok Feed versions = 1.0.23...

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the Menu Display Widget process. An attacker can access sensitive information by viewing content that should be restricted to authorized users. Remediation Upgrade...

EUVD-2024-43773

Malicious code in bioql PyPI...