CVE-2026-1291

CVE-2026-1291 concerns the Meow Gallery WordPress plugin. A missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/save_shortcode allows authenticated users with Author-level access or higher to arbitrarily create or overwrite gallery shortcode records by supplying a user-cont...

CVE-2026-2879

The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2. This is due to missing validation on the id parameter in the create method of the GetGenieChat REST API endpoint. The method accepts a user-controlled post ID and, when...

PT-2026-28195

The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment post title in all versions up to, and including, 6.4.3. This is due to insufficient output escaping in the getEditorPopup function and its corresponding media-popup.php template...

CVE-2026-2879

The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2. This is due to missing validation on the id parameter in the create method of the GetGenieChat REST API endpoint. The method accepts a user-controlled post ID and, when...

PT-2026-25158

The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2. This is due to missing validation on the id parameter in the create method of the GetGenieChat REST API endpoint. The method accepts a user-controlled post ID and, when...

WordPress Folders plugin <= 3.1.5 - Missing Authorization to Authenticated (Author+) Media Replacement vulnerability

Missing Authorization to Authenticated Author+ Media Replacement vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Folders versions = 3.1.5...

WordPress Responsive Pricing Table plugin <= 5.1.12 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Responsive Pricing Table versions = 5.1.12...

WordPress Crowdsignal Forms plugin <= 1.7.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin Crowdsignal Forms versions = 1.7.2...

WordPress WP3D Model Import Viewer plugin <= 1.0.7 - Authenticated (Contributor+) Arbitrary File Upload vulnerability

Authenticated Contributor+ Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin WP3D Model Import Viewer versions = 1.0.7...

WordPress List Attachments Shortcode plugin <= 0.4.1a - Authenticated (Author+) Stored Cross-Site Scripting via list-attachments Shortcode vulnerability

Authenticated Author+ Stored Cross-Site Scripting via list-attachments Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin List Attachments Shortcode versions = 0.4.1a...

CVE-2025-11176

CVE-2025-11176 affects the WordPress plugin “Quick Featured Images” (versions up to 13.7.2). The vulnerability is an Insecure Direct Object Reference (IDOR) in the qfi_set_thumbnail and qfi_delete_thumbnail AJAX actions caused by missing validation of a user-controlled key. This allows authentica...

EUVD-2013-2927

Malware in sbrugna...

EUVD-2013-2917

Malware in sbrugna...

EUVD-2023-47908

Malicious code in bioql PyPI...

EUVD-2022-51524

Malicious code in bioql PyPI...

EUVD-2022-51513

Malicious code in bioql PyPI...

EUVD-2022-51511

Malicious code in bioql PyPI...

EUVD-2022-6604

Malicious code in bioql PyPI...

EUVD-2022-51523

Malicious code in bioql PyPI...

EUVD-2022-51514

Malicious code in bioql PyPI...