EUVD-2025-8346

Malicious code in bioql PyPI...

WordPress Plugin BizCalendar Web PHP Remote File Inclusion Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin BizCalendar Web 1.1.0.50 and previous versions of the PHP remote file inclusion...

CVE-2025-7650 BizCalendar Web <= 1.1.0.53 - Authenticated (Contributor+) Local File Inclusion

The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.0.53 via the 'bizcalv' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the...

WordPress plugin BizCalendar Web 安全漏洞

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin BizCalendar Web 1.1.0.50 and previous versions of the PHP remote file inclusion...

PT-2025-33460 · WordPress · Bizcalendar Web

Name of the Vulnerable Software and Affected Versions: BizCalendar Web plugin for WordPress versions prior to 1.1.0.51 Description: The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion via the bizcalv shortcode. Authenticated attackers with Contributor-level access and...

CVE-2025-30843

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in setriosoft bizcalendar-web bizcalendar-web allows SQL Injection.This issue affects bizcalendar-web: from n/a through = 1.1.0.34...

CVE-2025-30843

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in setriosoft bizcalendar-web bizcalendar-web allows SQL Injection.This issue affects bizcalendar-web: from n/a through = 1.1.0.34...

WordPress bizcalendar-web plugin <= 1.1.0.34 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phan Trong Quan - VNPT Cyber Immunity in WordPress Plugin bizcalendar-web versions = 1.1.0.34...

CVE-2025-30843

CVE-2025-30843 (BizCalendar Web) is an authenticated SQL Injection in BizCalendar Web up to version 1.1.0.34. The issue is described as an SQL injection vulnerability caused by improper neutralization of inputs in the product’s web interface. The CVSS v3.1 metrics list a base score of 7.6 (HIGH) ...

CVE-2025-30843 WordPress bizcalendar-web plugin <= 1.1.0.34 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in setriosoft bizcalendar-web bizcalendar-web allows SQL Injection.This issue affects bizcalendar-web: from n/a through = 1.1.0.34...

CVE-2025-30843 WordPress bizcalendar-web plugin <= 1.1.0.34 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in setriosoft bizcalendar-web bizcalendar-web allows SQL Injection.This issue affects bizcalendar-web: from n/a through = 1.1.0.34...

WordPress plugin setriosoft bizcalendar-web SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin setriosoft...

WordPress BizCalendar Web plugin <= 1.1.0.25 - Reflected Cross-Site Scripting via 'tab' vulnerability

Reflected Cross-Site Scripting via 'tab' vulnerability discovered by WordFence in WordPress Plugin bizcalendar-web versions = 1.1.0.25...

WordPress bizcalendar-web Plugin <= 1.1.0.25 is vulnerable to Cross Site Scripting (XSS)

Software bizcalendar-web Type Plugin Vulnerable versions = 1.1.0.25 Fixed in 1.1.0.26 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1780 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 262671a35eab Credits WordFence...

PT-2024-18301 · WordPress · Bizcalendar Web

Name of the Vulnerable Software and Affected Versions: BizCalendar Web plugin for WordPress versions up to, and including, 1.1.0.19 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers...

WordPress Plugin BizCalendar Web 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...