137 matches found
CVE-2025-10706 Classified Pro <= 1.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation
The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'cwpaddonsupdateplugincb' function in all versions up to, and including, 1.0.14. This makes it possible for authenticated attackers, with subscriber-level access and...
EUVD-2025-34723
The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'cwpaddonsupdateplugincb' function in all versions up to, and including, 1.0.14. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2025-10706
CVE-2025-10706 pertains to the Classified Pro WordPress theme. Wordfence and CVE records confirm a missing capability check in cwp_addons_update_plugin_cb across all versions
EUVD-2024-45789
Malicious code in bioql PyPI...
EUVD-2024-42911
Malicious code in bioql PyPI...
EUVD-2025-28566
Malicious code in bioql PyPI...
EUVD-2025-18093
Malicious code in bioql PyPI...
EUVD-2025-30510
Malicious code in bioql PyPI...
EUVD-2024-28420
Malicious code in bioql PyPI...
EUVD-2025-19220
Malicious code in bioql PyPI...
EUVD-2025-19218
Malicious code in bioql PyPI...
EUVD-2025-17235
Malicious code in bioql PyPI...
EUVD-2024-42336
Malicious code in bioql PyPI...
CVE-2025-59569
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Stored XSS.This issue affects CubeWP: from n/a through = 1.1.26...
CVE-2025-59569
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Stored XSS.This issue affects CubeWP: from n/a through = 1.1.26...
WordPress CubeWP Plugin <= 1.1.26 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin CubeWP versions = 1.1.26...
CVE-2025-59569 WordPress CubeWP Plugin <= 1.1.26 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Emraan Cheema CubeWP allows Stored XSS. This issue affects CubeWP: from n/a through 1.1.26...
CVE-2025-59569 WordPress CubeWP Plugin <= 1.1.26 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Stored XSS.This issue affects CubeWP: from n/a through = 1.1.26...
CVE-2025-59569
CVE-2025-59569 : Stored XSS in CubeWP (CubeWP Framework) affecting versions up to 1.1.26; exploit requires at least Contributor+ authenticated access. Patch available in 1.1.26 (CubeWP patch), per Wordfence listing of CubeWP
PT-2025-39044
Name of the Vulnerable Software and Affected Versions CubeWP versions through 1.1.26 Description The software contains a flaw related to improper input handling during web page creation, which can lead to Cross-site Scripting XSS. This specific instance is a Stored XSS issue, meaning malicious...