342 matches found
WordPress Sensei LMS <4.5.0 - Information Disclosure
WordPress Sensei LMS plugin before 4.5.0 is susceptible to information disclosure. The plugin does not have proper permissions set in a REST endpoint, which can allow an attacker to access private messages. id: CVE-2022-2034 info: name: WordPress Sensei LMS <4.5.0 - Information Disclosure author:...
WooCommerce Payments - Unauthorized Admin Access
An issue in the WooCommerce Payments plugin for WordPress, versions 5.6.1 and lower, allows an unauthenticated attacker to send requests on behalf of an elevated user, such as an administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the...
CVE-2026-39660
Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Job Manager: from n/a through <= 2.4.1...
CVE-2026-39660
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2026-39660
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
PT-2026-31223
Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Job Manager: from n/a through <= 2.4.1...
CVE-2026-25404
Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Job Manager: from n/a through <= 2.4.0...
CVE-2023-49828
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo allows Stored XSS. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a throu...
CVE-2024-39666
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WooCommerce. This issue affects WooCommerce: from n/a through 9.1.2...
CVE-2023-52212
Cross-Site Request Forgery (CSRF) vulnerability in Automattic WP Job Manager allows Cross Site Request Forgery. This issue affects WP Job Manager: from n/a through 2.0.0...
CVE-2025-69015
Missing Authorization vulnerability in Automattic Crowdsignal Forms crowdsignal-forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crowdsignal Forms: from n/a through <= 1.7.2...
EUVD-2025-36601
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce woocommerce allows Stored XSS. This issue affects WooCommerce: from n/a through 10.0.2...
WordPress Buddypress Plugin Missing Authorization Vulnerability
WordPress Buddypress Plugin is an open source social networking plugin developed by Automattic, the parent company of WordPress, for converting WordPress websites into fully functional social platforms. WordPress Buddypress Plugin suffers from a missing authorization vulnerability, no details of th...
WordPress bbp-move-topics plugin cross-site scripting vulnerability
WordPress bbp-move-topics plugin is an open source forum plugin for WordPress, developed by Automattic, that lets users manage forums through the WordPress backend. WordPress bbp-move-topics plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...
EUVD-2007-3278
Malware in sbrugna...
EUVD-2018-13260
Malware in sbrugna...
EUVD-2023-51872
Malicious code in bioql PyPI...
EUVD-2024-36438
Malicious code in bioql PyPI...
EUVD-2024-40654
Malicious code in bioql PyPI...
EUVD-2023-56884
Malicious code in bioql PyPI...