8 matches found
EUVD-2025-12086
Malicious code in bioql PyPI...
EUVD-2025-5396
Malicious code in bioql PyPI...
CVE-2025-46230
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in GhozyLab Popup Builder easy-notify-lite allows PHP Local File Inclusion.This issue affects Popup Builder: from n/a through = 1.1.35...
CVE-2025-46230
CVE-2025-46230 affects WordPress Popup Builder (plugin) up to version 1.1.35. The vulnerability is an improper filename control in PHP Include/Require (Local File Inclusion). Impact per sources is high (C/VSS metrics), enabling potential arbitrary file access via LFI. Remediation: upgrade to a fi...
PT-2025-17758 · Unknown · Ghozylab Popup Builder
Name of the Vulnerable Software and Affected Versions: GhozyLab Popup Builder versions 1.1.35 and earlier Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File...
CVE-2025-26882
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GhozyLab Popup Builder easy-notify-lite allows Stored XSS.This issue affects Popup Builder: from n/a through = 1.1.33...
CVE-2025-26882
CVE-2025-26882 affects Popup Builder (WordPress) up to version 1.1.33. The issue is an stored XSS caused by improper neutralization of input during web page generation, allowing an attacker with contributor-level or higher access to inject scripts in the popup. The vulnerability is authenticated-...
PT-2024-25982 · Ghozylab · Popup Builder
Name of the Vulnerable Software and Affected Versions: GhozyLab, Inc. Popup Builder versions 1.1.29 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. There is a...