35 matches found
CVE-2026-22482 WordPress IMGspider plugin <= 2.3.12 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in wbolt.com IMGspider imgspider allows Server Side Request Forgery. This issue affects IMGspider: from n/a through <= 2.3.12...
CVE-2026-22482
CVE-2026-22482 describes a Server-Side Request Forgery (SSRF) in the IMGspider WordPress plugin (IMGspider/imgspider) affecting versions up to 2.3.12. Connected sources (Red Hat, CIRCL, NVD/CVE records) confirm this as an authenticated SSRF vulnerability in IMGspider, with no public patch details...
WordPress plugin IMGspider has code vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-4243
Server-Side Request Forgery (SSRF) vulnerability in wbolt.com IMGspider imgspider allows Server Side Request Forgery. This issue affects IMGspider: from n/a through <= 2.3.12...
WordPress ZoloBlocks plugin <= 2.3.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin ZoloBlocks versions <= 2.3.11...
WordPress Phlox Portfolio plugin <= 2.3.10 - Unauthenticated Local File Inclusion via args[extra_template_path] vulnerability
Unauthenticated Local File Inclusion via args[extra_template_path] vulnerability discovered by LionTree in WordPress Plugin Phlox Portfolio versions <= 2.3.10...
EUVD-2025-36390
A vulnerability was detected in ermig1979 AntiDupl up to 2.3.12. Impacted is an unknown function of the file AntiDupl.NET.WinForms.exe of the component Delete Duplicate Image Handler. The manipulation results in link following. The attack is only possible with local access. The vendor was contact...
CVE-2025-12341
Summary: CVE-2025-12341 affects ermig1979 AntiDupl up to version 2.3.12. The issue resides in an unknown function within the Delete Duplicate Image Handler’s file AntiDupl.NET.WinForms.exe, enabling a link-following vulnerability. The attack is possible with local access. Multiple sources (PT-20...
PT-2025-43605
Name of the Vulnerable Software and Affected Versions: ZoloBlocks – Gutenberg Block Editor Plugin versions prior to 2.3.12. Description: The ZoloBlocks – Gutenberg Block Editor Plugin for WordPress has a flaw that allows unauthorized modification of data. Specifically, a missing capability check...
WordPress ZoloBlocks plugin <= 2.3.11 - Missing Authorization to Unauthenticated Popup Enable/Disable vulnerability
Missing Authorization to Unauthenticated Popup Enable/Disable vulnerability discovered by Jay in WordPress Plugin ZoloBlocks versions <= 2.3.11...
EUVD-2025-26291
Malicious code in bioql PyPI...
EUVD-2023-33834
Malicious code in bioql PyPI...
CVE-2025-9725
CVE-2025-9725 – Cudy LT500E Web shadow hard-coded password. The vulnerability affects LT500E devices up to firmware 2.3.12, in the Web Interface’s /squashfs-root/etc/shadow function, allowing use of a hard-coded password. Exploitation is local, with high attack complexity and reported exploitabi...
CVE-2025-9725 Cudy LT500E Web shadow hard-coded password
A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of the file /squashfs-root/etc/shadow of the component Web Interface. The manipulation leads to use of hard-coded password. The attack must be carried out locally. The attack's complexity is rated as high...
PT-2025-35404
Name of the Vulnerable Software and Affected Versions: Cudy LT500E versions prior to 2.3.13. Description: A vulnerability exists in Cudy LT500E up to version 2.3.12. The issue resides in an unknown function within the /squashfs-root/etc/shadow file of the Web Interface component, leading to the use ...
CVE-2023-2335
Plaintext Password in Registry vulnerability in 42gears surelock windows surelockwinsetupv2.40.0.Exe on Windows Registry modules allows Retrieve Admin user credentials. This issue affects surelock windows: from 2.3.12 through 2.40.0...
CVE-2025-1483
The LTL Freight Quotes – GlobalTranz Edition plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the engtzwdsavedropship AJAX endpoint in all versions up to, and including, 2.3.12. This makes it possible for unauthenticated attackers to...
PT-2025-7514 · WordPress · Ltl Freight Quotes – Globaltranz Edition
Name of the Vulnerable Software and Affected Versions: LTL Freight Quotes – GlobalTranz Edition plugin for WordPress versions up to, and including, 2.3.12 Description: The issue concerns a missing capability check on the "engtz wd save dropship" AJAX endpoint, allowing unauthenticated attackers t...
WordPress LTL Freight Quotes – GlobalTranz Edition plugin <= 2.3.12 - Missing Authorization to Unauthenticated Settings Update vulnerability
Missing Authorization to Unauthenticated Settings Update vulnerability discovered by Colin Xu in WordPress Plugin LTL Freight Quotes – GlobalTranz Edition versions <= 2.3.12...
PT-2025-6947 · Enituretechnology · Enituretechnology Ltl Freight Quotes – Freightquote Edition
Name of the Vulnerable Software and Affected Versions: enituretechnology LTL Freight Quotes – FreightQuote Edition versions 2.3.11 and earlier Description: The issue is related to improper neutralization of special elements used in an SQL command, allowing SQL injection. This problem can be...