15 matches found

CVE
added 2026/06/05 11:28 p.m. | 13 views

CVE-2025-12656

The WPvivid Backup & Migration plugin for WordPress is affected by an arbitrary directory deletion vulnerability due to insufficient file path validation in delete_cancel_staging_site() in all versions up to and including 0.9.128. Authenticated attackers with Administrator-level access can delete...

CVSS 3.8 | AI score 5.6 | EPSS 0.00271
Exploits: 0 | References: 6

Positive Technologies
added 2026/03/04 12:0 a.m. | 5 views

PT-2026-22857

The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the 'workflow ids' parameter in all versions up to, and including, 5.9.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVSS 6.5 | AI score 6 | EPSS 0.00368
Exploits: 0 | References: 7

Cvelist
added 2025/12/13 3:20 a.m. | 22 views

CVE-2025-14477 404 Solution <= 3.1.0 - Authenticated (Admin+) SQL Injection via 'filterText' Parameter

The 404 Solution plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This is due to improper sanitization of the filterText paramet...

CVSS 4.9 | EPSS 0.00308
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-22038

Malware in sbrugna...

CVSS 9 | AI score 7 | EPSS 0.02248
Exploits: 0 | References: 2

NVD
added 2025/08/16 4:15 a.m. | 3 views

CVE-2024-8393

The Woocommerce Blocks – Woolook plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.0 via the 'tab' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary...

CVSS 6.6 | EPSS 0.00638
Exploits: 0 | References: 2

CVE
added 2025/06/03 8:21 a.m. | 63 views

CVE-2025-5103

CVE-2025-5103 affects the WordPress plugin Ultimate Gift Cards for WooCommerce. Many versions up to 3.1.4 are vulnerable to boolean-based SQL injection via the default_price and product_id parameters due to insufficient escaping and lack of prepared statements. Exploitation requires Administrator...

CVSS 4.9 | AI score 5.3 | EPSS 0.0032
Exploits: 0 | References: 4 | Affected Software: 1

RedhatCVE
added 2025/05/23 5:14 a.m. | 6 views

CVE-2023-41276

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

CVSS 7.2 | AI score 7.2 | EPSS 0.00547
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 2:20 a.m. | 7 views

CVE-2023-45035

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

CVSS 7.2 | AI score 7.2 | EPSS 0.0058
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:8 a.m. | 5 views

CVE-2019-10652

An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote authenticated administrators to upload arbitrary .php files, related to the addons feature...

CVSS 7.2 | AI score 6.8 | EPSS 0.0709
Exploits: 3 | References: 1

Cvelist
added 2025/03/01 7:24 a.m. | 7 views

CVE-2024-13911 Database Backup and check Tables Automated With Scheduler 2024 <= 2.35 - Authenticated (Administrator+) Sensitive Information Exposure

The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35 via the /dashboard/backup.php file. This makes it possible for authenticated attackers, with Administrator-level acces...

CVSS 7.2 | EPSS 0.00544
Exploits: 0 | References: 7

Cvelist
added 2025/03/01 5:30 a.m. | 10 views

CVE-2024-13901 Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site <= 2.0.6 - Authenticated (Administrator+) DOM-Based Stored Cross-Site Scripting

The Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This...

CVSS 4.4 | EPSS 0.00265
Exploits: 0 | References: 3

Vulnrichment
added 2024/05/09 8:3 p.m. | 6 views

CVE-2024-2846 Visual Footer Credit Remover <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting

The Visual Footer Credit Remover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'selector' parameter in all versions up to, and including, 2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.4 | AI score 5.8 | EPSS 0.00287
Exploits: 0 | References: 2

Vulnrichment
added 2024/02/02 4:4 p.m. | 10 views

CVE-2023-41275 QTS, QuTS hero, QuTScloud

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

CVSS 5.5 | AI score 7.1 | EPSS 0.00547
Exploits: 0 | References: 1

CNNVD
added 2022/06/24 12:0 a.m. | 2 views

Broadcom Symantec Messaging Gateway (SMG) Information Disclosure Vulnerability

Broadcom Symantec Messaging Gateway (Broadcom SMG) is an internal email security solution from Broadcom, Inc. An information disclosure vulnerability exists in Broadcom Symantec Messaging Gateway (SMG) version 10.7, which originates from an authenticated, malicious SMG administrator user being able t...

CVSS 4.9 | AI score 5.3 | EPSS 0.00625
Exploits: 0 | References: 2

OSV
added 2020/10/27 5:15 a.m. | 2 views

CVE-2020-15352

An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request...

CVSS 7.2 | AI score 6.6 | EPSS 0.03162
Exploits: 0 | References: 1