42 matches found
EUVD-2014-8954
Malware in sbrugna...
EUVD-2022-34657
Malicious code in bioql PyPI...
EUVD-2025-9118
Malicious code in bioql PyPI...
CVE-2025-7387
The Lana Downloads Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the endpoint parameters in versions up to, and including, 1.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-7387 Lana Downloads Manager <= 1.10.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
The Lana Downloads Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the endpoint parameters in versions up to, and including, 1.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-7387 Lana Downloads Manager <= 1.10.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
The Lana Downloads Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the endpoint parameters in versions up to, and including, 1.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
PT-2025-28976 · WordPress · Lana Downloads Manager
Name of the Vulnerable Software and Affected Versions: Lana Downloads Manager versions prior to 1.10.0 Description: The Lana Downloads Manager plugin for WordPress is susceptible to Stored Cross-Site Scripting through insufficient input sanitization and output escaping on user-supplied attributes...
WordPress plugin Lana Downloads Manager 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability exis...
CVE-2022-2392
The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher...
CVE-2025-2048
The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server...
CVE-2025-2048
The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server...
CVE-2025-2048
The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server...
CVE-2025-2048 Lana Downloads Manager < 1.10.0 - Admin+ Arbitrary File Download via Path Traversal
The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server...
CVE-2025-2048
CVE-2025-2048 affects the Lana Downloads Manager WordPress plugin prior to 1.10.0. The issue is that input used to build a path is not validated, enabling admins to perform path traversal and download arbitrary server files. Public references confirm the vulnerability is tied to path traversal in...
CVE-2025-2048 Lana Downloads Manager < 1.10.0 - Admin+ Arbitrary File Download via Path Traversal
The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server...
PT-2025-14082 · WordPress · Lana Downloads Manager
Name of the Vulnerable Software and Affected Versions: Lana Downloads Manager WordPress plugin versions prior to 1.10.0 Description: The issue concerns the Lana Downloads Manager WordPress plugin, which does not validate user input used in a path. This could allow users with an admin role to...
Holiday Attack Spikes Target Ancient Vulnerabilities and Hidden Webshells
Winter brings a number of holidays in a short period of time, and many organizations shut down or run a skeleton crew for a week or more at the end of the year and beginning of the new year. This makes it easier for would-be attackers to find success as systems are not as closely monitored. This...
CVE-2022-2392
The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher...
CVE-2022-2392
The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher...
CVE-2022-2392
The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher...