CVE-2026-22519

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev MediaPress mediapress allows Stored XSS.This issue affects MediaPress: from n/a through = 1.6.2...

PT-2026-2196

Name of the Vulnerable Software and Affected Versions BuddyDev MediaPress versions through 1.6.2 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Stored Cross-site Scripting XSS condition. This allows for the injection of...

CVE-2025-62760

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev BuddyPress Activity Shortcode bp-activity-shortcode allows Stored XSS.This issue affects BuddyPress Activity Shortcode: from n/a through = 1.1.8...

CVE-2025-62760

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev BuddyPress Activity Shortcode bp-activity-shortcode allows Stored XSS.This issue affects BuddyPress Activity Shortcode: from n/a through = 1.1.8...

CVE-2025-62760

CVE-2025-62760 refers to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in the BuddyPress Activity Shortcode plugin. According to the Wordfence Vulnerability report, the affected component is the BuddyPress Activity Shortcode, with versions up to and including 1.1.8. It is categ...

CVE-2025-62760 WordPress BuddyPress Activity Shortcode plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev BuddyPress Activity Shortcode bp-activity-shortcode allows Stored XSS.This issue affects BuddyPress Activity Shortcode: from n/a through = 1.1.8...

PT-2025-54302

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev BuddyPress Activity Shortcode allows Stored XSS.This issue affects BuddyPress Activity Shortcode: from n/a through 1.1.8...

CVE-2025-62949

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev Activity Plus Reloaded for BuddyPress bp-activity-plus-reloaded allows Stored XSS.This issue affects Activity Plus Reloaded for BuddyPress: from n/a through = 1.1.2...

EUVD-2025-35992

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev Activity Plus Reloaded for BuddyPress bp-activity-plus-reloaded allows Stored XSS.This issue affects Activity Plus Reloaded for BuddyPress: from n/a through = 1.1.2...

CVE-2025-62949

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev Activity Plus Reloaded for BuddyPress bp-activity-plus-reloaded allows Stored XSS.This issue affects Activity Plus Reloaded for BuddyPress: from n/a through = 1.1.2...

EUVD-2025-30515

Malicious code in bioql PyPI...

EUVD-2025-17222

Malicious code in bioql PyPI...

EUVD-2025-26558

Malicious code in bioql PyPI...

CVE-2025-58263

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev BuddyPress Notification Widget buddypress-notifications-widget allows Stored XSS.This issue affects BuddyPress Notification Widget: from n/a through = 1.3.3...

CVE-2025-58263

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev BuddyPress Notification Widget buddypress-notifications-widget allows Stored XSS.This issue affects BuddyPress Notification Widget: from n/a through = 1.3.3...

PT-2025-38926

Name of the Vulnerable Software and Affected Versions BuddyPress Notification Widget versions through 1.3.3 Description The BuddyPress Notification Widget contains a flaw related to improper input handling during web page generation, which can lead to Stored Cross-Site Scripting XSS. This allows ...

CVE-2025-58608

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in BuddyDev MediaPress mediapress allows PHP Local File Inclusion.This issue affects MediaPress: from n/a through = 1.5.9.1...

CVE-2025-58608

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in BuddyDev MediaPress mediapress allows PHP Local File Inclusion.This issue affects MediaPress: from n/a through = 1.5.9.1...

CVE-2025-30957

Missing Authorization vulnerability in BuddyDev Activity Plus Reloaded for BuddyPress bp-activity-plus-reloaded allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Activity Plus Reloaded for BuddyPress: from n/a through = 1.1.2...

CVE-2025-30957

CVE-2025-30957 concerns a missing-authorization vulnerability in the BuddyPress extension Activity Plus Reloaded (BuddyDev). The Wordfence vulnerability listing explicitly notes an Authorization issue for Activity Plus Reloaded for BuddyPress