CVE-2025-12836

The VK Google Job Posting Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Description field in versions up to, and including, 1.2.23 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticat...

CVE-2025-12836

The VK Google Job Posting Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Description field in versions up to, and including, 1.2.23 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticat...

CVE-2025-12836

The VK Google Job Posting Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Description field in versions up to, and including, 1.2.20 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticat...

CVE-2025-12836 VK Google Job Posting Manager <= 1.2.23 - Authenticated (Author+) Stored Cross-Site Scripting via Job Description Field

The VK Google Job Posting Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Description field in versions up to, and including, 1.2.23 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticat...

WordPress VK Google Job Posting Manager plugin <= 1.2.20 - Authenticated (Author+) Stored Cross-Site Scripting via Job Description Field vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Job Description Field vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin VK Google Job Posting Manager versions = 1.2.20...

PT-2026-4565

The VK Google Job Posting Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Description field in versions up to, and including, 1.2.20 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticat...

CVE-2025-66525

Missing Authorization vulnerability in Elastic Email Elastic Email Sender elastic-email-sender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Sender: from n/a through = 1.2.20...

EUVD-2025-202147

Missing Authorization vulnerability in Elastic Email Elastic Email Sender elastic-email-sender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Sender: from n/a through = 1.2.20...

CVE-2025-66525

Missing Authorization vulnerability in Elastic Email Elastic Email Sender elastic-email-sender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Sender: from n/a through = 1.2.20...

CVE-2025-66525 WordPress Elastic Email Sender plugin <= 1.2.20 - Broken Access Control vulnerability

Missing Authorization vulnerability in Elastic Email Elastic Email Sender elastic-email-sender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Sender: from n/a through = 1.2.20...

WordPress plugin Elastic Email Sender 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A security...

PT-2025-49873

Missing Authorization vulnerability in Elastic Email Elastic Email Sender elastic-email-sender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Sender: from n/a through = 1.2.20...

WordPress plugin atec Duplicate Page & Post has an unspecified vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin atec Duplicate Page & Post 1.2.20 and earli...

CVE-2025-13404

CVE-2025-13404 concerns the WordPress plugin “atec Duplicate Page & Post” (versions up to and including 1.2.20). The root cause is missing authorization validation in the duplicate_post() function, allowing authenticated users with Contributor-level access or higher to duplicate arbitrary posts, ...

WordPress Elastic Email Sender plugin <= 1.2.20 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Elastic Email Sender versions = 1.2.20...

EUVD-2010-1301

Malware in sbrugna...

EUVD-2022-6307

Malicious code in bioql PyPI...

CVE-2025-32262

Cross-Site Request Forgery CSRF vulnerability in Robert D Payne RDP Wiki Embed rdp-wiki-embed allows Cross Site Request Forgery.This issue affects RDP Wiki Embed: from n/a through = 1.2.20...

CVE-2025-32262 WordPress RDP Wiki Embed plugin <= 1.2.20 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Robert D Payne RDP Wiki Embed allows Cross Site Request Forgery. This issue affects RDP Wiki Embed: from n/a through 1.2.20...

WordPress plugin RDP Wiki Embed 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...