EUVD-2025-13749

Malicious code in bioql PyPI...

EUVD-2023-57352

Malicious code in bioql PyPI...

Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets

A new malware campaign is exploiting a weakness in Discord's invitation system to deliver an information stealer called Skuld and the AsyncRAT remote access trojan. "Attackers hijacked the links through vanity link registration, allowing them to silently redirect users from trusted sources to...

CVE-2023-5181

The WP Discord Invite WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2025-47638

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sarvesh M Rao WP Discord Invite wp-discord-invite allows Stored XSS.This issue affects WP Discord Invite: from n/a through = 2.5.3...

CVE-2025-47638

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sarvesh M Rao WP Discord Invite wp-discord-invite allows Stored XSS.This issue affects WP Discord Invite: from n/a through = 2.5.3...

CVE-2025-47638 WordPress WP Discord Invite plugin <= 2.5.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sarvesh M Rao WP Discord Invite wp-discord-invite allows Stored XSS.This issue affects WP Discord Invite: from n/a through = 2.5.3...

CVE-2025-47638 WordPress WP Discord Invite plugin <= 2.5.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sarvesh M Rao WP Discord Invite wp-discord-invite allows Stored XSS.This issue affects WP Discord Invite: from n/a through = 2.5.3...

CVE-2025-47638

CVE-2025-47638 is a stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin WP Discord Invite . Affected versions are listed as up to 2.5.3 (n/a through 2.5.3). The primary sources describe this as an “Improper Neutralization of Input During Web Page Generation” XSS, affecting WP ...

PT-2025-20200 · WordPress · Wp Discord Invite

Name of the Vulnerable Software and Affected Versions: WP Discord Invite versions n/a through 2.5.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject...

WordPress plugin WP Discord Invite 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site scripting...

CVE-2023-5006

The WP Discord Invite WordPress plugin before 2.5.1 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in administrator to submit a crafted request...

CVE-2023-5006 WP Discord Invite < 2.5.1 - Arbitrary Settings Update via CSRF

The WP Discord Invite WordPress plugin before 2.5.1 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in administrator to submit a crafted request...

CVE-2023-5006

CVE-2023-5006 (WP Discord Invite) : The WordPress plugin WP Discord Invite is vulnerable to a CSRF flaw in versions before 2.5.1, enabling an unauthenticated attacker to cause actions on behalf of an authenticated admin by tricking them into submitting crafted requests. Public details confirm the...

PT-2024-13853 · WordPress · Wp Discord Invite

Name of the Vulnerable Software and Affected Versions: WP Discord Invite WordPress plugin versions prior to 2.5.1 Description: The issue allows an unauthenticated attacker to perform actions on behalf of a logged-in administrator by tricking them into submitting a crafted request, due to a lack o...

WordPress Plugin WP Discord Invite Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress WP Discord Invite Plugin < 2.5.2 is vulnerable to Cross Site Scripting (XSS)

Software WP Discord Invite Type Plugin Vulnerable versions 2.5.2 Fixed in 2.5.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5181 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 189ce186d624 Credits Bob Matyas Required...

WordPress WP Discord Invite Plugin < 2.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP Discord Invite Type Plugin Vulnerable versions 2.5.1 Fixed in 2.5.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-5006 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID ddd467b1e925 Credits Enrico Marcolini...

CVE-2023-5181

The WP Discord Invite WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-5181

The WP Discord Invite WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...