10 matches found
CVE-2025-12696
CVE-2025-12696 affects the WordPress HelloLeads CRM Form Shortcode plugin (versions
EUVD-2021-11730
Malware in sbrugna...
EUVD-2021-11824
Malware in sbrugna...
EUVD-2021-11498
Malware in sbrugna...
EUVD-2022-24907
Malicious code in bioql PyPI...
CVE-2024-5284
The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...
CVE-2021-24836
The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation and CSRF checks when updating its settings, which could allow any logged-in user, such as a subscriber, to update them...
CVE-2024-3823
CVE-2024-3823 affects the WordPress plugin Base64 Encoder/Decoder (versions ≤ 0.9.2). The underlying issue is lack of CSRF protection when updating settings, combined with insufficient sanitization and escaping. This could allow a logged-in attacker to trigger a CSRF that enables Stored XSS paylo...
Store Locator < 1.4.6 - Stored XSS via CSRF
The plugin does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...
WordPress plugin cross-site scripting vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of the WordPress Ibtana plugin prior to 1.1.4....