EUVD-2020-24162

Malware in sbrugna...

EUVD-2022-37006

Malicious code in bioql PyPI...

CVE-2020-36720

The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the updateoption lacking proper authentication checks. This makes it possible for any authenticated attacker to change or delete the plugin's settings...

CVE-2020-36720 Kali Forms <= 2.1.1 - Missing Authorization to Settings Update

The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the updateoption lacking proper authentication checks. This makes it possible for any authenticated attacker to change or delete the plugin's settings...

CVE-2019-25142 Mesmerize <= 1.6.89 & Materialis <= 1.0.172 - Authenticated Arbitrary Options Update

The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including,1.6.89 Mesmerize and 1.0.172 Materialis. This is due to 'companiondisablepopup' function only checking the nonce while sending user input to the 'updateoption' function...

CVE-2019-25142

The Mesmerize (up to 1.6.89) and Materialis (up to 1.0.172) WordPress themes are vulnerable to authenticated options changes due to companion_disable_popup not fully validating input before update_option. This allows authenticated attackers to modify restricted options. Remediation: upgrade Mesme...

PT-2022-21940 · WordPress · Biplob018 Shortcode Addons

Name of the Vulnerable Software and Affected Versions: Biplob018 Shortcode Addons plugin versions 3.1.2 and earlier Description: The issue allows authenticated options change in the Biplob018 Shortcode Addons plugin at WordPress. Recommendations: For Biplob018 Shortcode Addons plugin versions 3.1...

CVE-2022-36375 WordPress Tabs plugin <= 3.6.0 - Authenticated WordPress Options Change vulnerability

Authenticated high role user WordPress Options Change vulnerability in Biplob Adhikari's Tabs plugin = 3.6.0 at WordPress...

Advanced Shipment Tracking for WooCommerce < 3.2.7 - Authenticated Options Change

The plugin was vulnerable to Authenticated Options Change allowing authenticated users to update arbitrary WordPress options...

WordPress Flo Forms plugin <= 1.0.35 - Authenticated Options Change & Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Options Change & Stored Cross-Site Scripting XSS vulnerability discovered by NinTechNet in WordPress Flo Forms plugin versions = 1.0.35. Solution Update the WordPress Flo Forms plugin to the latest available version at least 1.0.36...

Flo Forms < 1.0.36 - Authenticated Options Change to Stored XSS

The plugin was being actively exploited, allowing low privilege users to use the floimportformsoptions AJAX action to import new options and inject malicious JavaScript code in the backend...

WordPress The Official Facebook Chat Plugin <= 1.5 - Authenticated Options Change vulnerability

Authenticated Options Change vulnerability discovered by WordFence in WordPress The Official Facebook Chat Plugin versions = 1.5. Solution Update the WordPress The Official Facebook Chat Plugin to the latest available version at least 1.6...

CVE-2019-16251

plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes...