93 matches found
CVE-2026-8845
The Islamic Database plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'islamicDB-roqya' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user-supplied 'width' and 'height' shortcode attributes within th...
CVE-2026-8845 Islamic Database <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Islamic Database plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'islamicDB-roqya' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user-supplied 'width' and 'height' shortcode attributes within th...
EUVD-2026-32081
The Islamic Database plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'islamicDB-roqya' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user-supplied 'width' and 'height' shortcode attributes within th...
WordPress plugin Islamic Database cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress Advanced CF7 DB plugin <= 2.0.9 - Missing Authorization to Authenticated (Subscriber+) Form Submissions Excel Export vulnerability
Missing Authorization to Authenticated (Subscriber+) Form Submissions Excel Export vulnerability discovered by Kai Aizen in WordPress Plugin Advanced Contact form 7 DB versions <= 2.0.9...
PT-2026-20587
Name of the Vulnerable Software and Affected Versions: Tablesome Table – Contact Form DB plugin for WordPress versions 0.5.4 through 1.2.1 Description: The Tablesome Table – Contact Form DB plugin for WordPress has a flaw where a missing capability check in the get table data function allows...
CVE-2023-31235
Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.9 versions...
CVE-2025-64231
The CVE-2025-64231 entry concerns the WordPress plugin RTW WordPress Contact Form 7 PDF, Google Sheet & Database (rtwwcfp-wordpress-contact-form-7-pdf) versions up to 3.0.0. The vulnerability is an Unrestricted Upload of File with Dangerous Type, allowing upload of malicious files via the plugin’...
EUVD-2020-29444
Malware in sbrugna...
EUVD-2014-3894
Malware in sbrugna...
EUVD-2022-4343
Malicious code in bioql PyPI...
EUVD-2025-15242
Malicious code in bioql PyPI...
EUVD-2022-4167
Malicious code in bioql PyPI...
EUVD-2023-35550
Malicious code in bioql PyPI...
EUVD-2022-5024
Malicious code in bioql PyPI...
EUVD-2023-46354
Malicious code in bioql PyPI...
CVE-2025-9943
An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider (SP) is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...
PT-2025-37025
Name of the Vulnerable Software and Affected Versions: Shibboleth Service Provider versions through 3.5.0 Description: An SQL injection vulnerability exists in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider (SP) is configured to use an SQL database ...
CVE-2023-41863
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Pepro Dev. Group PeproDev CF7 Database plugin <= 1.7.0 versions...
CVE-2020-2240
A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts...