14 matches found

CVE
added 2026/01/09 11:15 a.m., 13 views

CVE-2025-13701

CVE-2025-13701 refers to Shabat Keeper, a WordPress plugin, with a Reflected Cross-Site Scripting vulnerability via the $_SERVER['PHP_SELF'] parameter. The vulnerability affects all versions up to and including 0.4.4 due to insufficient input sanitization and output escaping, enabling unauthentic...

CVSS 6.1, AI score 5.3, EPSS 0.00067
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-3776

Malware in sbrugna...

CVSS 9.8, AI score 9.5, EPSS 0.02641
Exploits: 0, References: 5

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-11102

Malware in sbrugna...

CVSS 8.8, AI score 8.6, EPSS 0.00659
Exploits: 2, References: 2

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-50058

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.5, EPSS 0.00947
Exploits: 0, References: 5

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-50056

Malicious code in bioql PyPI...

CVSS 6.1, AI score 8.6, EPSS 0.01845
Exploits: 0, References: 5

RedhatCVE
added 2025/05/23 6:54 a.m., 3 views

CVE-2024-11461

The Form Data Collector plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

CVSS 6.1, AI score 6.4, EPSS 0.01684
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 11:28 p.m., 4 views

CVE-2022-3946

The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF checks in an AJAX action, allowing any logged-in user to create, update and delete shipping methods...

CVSS 6.5, AI score 6.8, EPSS 0.00149
Exploits: 2, References: 1

RedhatCVE
added 2025/05/22 7:20 p.m., 6 views

CVE-2021-24194

Low-privileged users can use the AJAX action 'cppluginsdobuttonjoblatercallback' in the Login Protection - Limit Failed Login Attempts WordPress plugin before 2.9 to install any plugin, including a specific version, from the WordPress repository, as well as activate arbitrary plugin from the blog...

CVSS 8.8, AI score 7, EPSS 0.00603
Exploits: 2, References: 1

RedhatCVE
added 2025/02/05 1:40 a.m., 2 views

CVE-2024-11034

The Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation plugin for WordPress is vulnerable to arbitrary shortcode execution via firecontactform AJAX action in all versions up to, and including, 1.4. This is due to the software...

CVSS 7.3, AI score 7.6, EPSS 0.00807
Exploits: 0, References: 1

Cvelist
added 2024/12/11 3:54 p.m., 17 views

CVE-2024-28141 Cross-Site Request-Forgery

The web application is not protected against cross-site request forgery attacks. Therefore, an attacker can trick users into performing actions on the application when they visit an attacker-controlled website or click on a malicious link. E.g. an attacker can forge malicious links to reset the...

EPSS 0.00102
Exploits: 0, References: 2

Positive Technologies
added 2022/10/31 12:0 a.m., 4 views

PT-2022-21356

Name of the Vulnerable Software and Affected Versions: WordPress Classifieds Plugin versions prior to 4.3. Description: The issue arises from the improper sanitization and escaping of certain parameters before they are used in a SQL statement. This occurs via an AJAX action that is accessible to...

CVSS 9.8, AI score 8.2, EPSS 0.86579
Exploits: 2, References: 6

Vulnrichment
added 2021/11/05 7:44 p.m., 5 views

CVE-2021-42359 WP DSGVO Tools (GDPR) <= 3.1.23 Unauthenticated Arbitrary Post Deletion

WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, 'admin-dismiss-unsubscribe', which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the post type when deleting unsubscription requests. As such, it was possible for an attacker to permanentl...

CVSS 7.5, AI score 6.9, EPSS 0.20073
Exploits: 1, References: 1

CNVD
added 2021/06/16 12:0 a.m., 8 views

Unspecified vulnerability in BetterLinks WordPress plugin (CNVD-2021-44289)

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in BetterLinks WordPress plugin versions prior to 2.0.4, which stems...

CVSS 8.8, AI score 6.8, EPSS 0.01126
Exploits: 2, References: 1

OSV
added 2017/08/18 2:29 p.m., 4 views

CVE-2017-12440

Aodh as packaged in OpenStack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating an alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust ID...

CVSS 7.5, AI score 7.2
Exploits: 0, References: 8