15 matches found
EUVD-2026-9624
Missing Authorization vulnerability in kamleshyadav WP Bakery Autoresponder Addon vc-autoresponder-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bakery Autoresponder Addon: from n/a through = 1.0.6...
EUVD-2025-205734
Missing Authorization vulnerability in kamleshyadav Medicalequipment medicalequipment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Medicalequipment: from n/a through = 1.0.9...
EUVD-2025-27031
Malicious code in bioql PyPI...
EUVD-2025-26531
Malicious code in bioql PyPI...
CVE-2025-58628
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav Miraculous miraculous allows Blind SQL Injection.This issue affects Miraculous: from n/a through 2.0.9...
PT-2025-36251
Name of the Vulnerable Software and Affected Versions: Miraculous versions prior to 2.0.9 Description: The Miraculous software contains a SQL injection flaw due to improper neutralization of special elements used in an SQL command. This allows for blind SQL injection. Recommendations: Update...
PT-2025-35769
Name of the Vulnerable Software and Affected Versions: kamleshyadav Exit Intent Popup versions n/a through 1.0.1 Description: A Server-Side Request Forgery SSRF vulnerability exists in kamleshyadav Exit Intent Popup. This issue allows attackers to perform Server Side Request Forgery...
PT-2025-35036
Name of the Vulnerable Software and Affected Versions: Miraculous Core Plugin versions through 2.0.7 Description: An incorrect privilege assignment exists in the Miraculous Core Plugin, allowing for privilege escalation. Recommendations: Update Miraculous Core Plugin to a version later than 2.0.7...
CVE-2025-31425
Missing Authorization vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Lead Capturing Pages: from n/a through 2.6...
CVE-2025-31425
Missing Authorization vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Lead Capturing Pages: from n/a through 2.6...
CVE-2025-31425
CVE-2025-31425 relates to the WordPress plugin “WP Lead Capturing Pages” (versions prior to 2.3). The vulnerability is caused by Missing Authorization stemming from incorrectly configured access control, enabling an attacker to perform Arbitrary Content Deletion. The CVSS v3.1 score is 7.5 (High)...
PT-2025-27884 · Unknown · Kamleshyadav Cf7 7 Mailchimp Add-On
Name of the Vulnerable Software and Affected Versions: kamleshyadav CF7 7 Mailchimp Add-on versions n/a through 2.2 Description: The issue is related to a Missing Authorization vulnerability that allows exploitation of incorrectly configured access control security levels. Recommendations: For...
CVE-2025-31914
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder pixel-formbuilder allows Blind SQL Injection.This issue affects Pixel WordPress Form BuilderPlugin & Autoresponder: from n/a through ...
CVE-2025-31914
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder pixel-formbuilder allows Blind SQL Injection.This issue affects Pixel WordPress Form BuilderPlugin & Autoresponder: from n/a through ...
Auto Car 1.2 Cross Site Scripting / SQL Injection
Exploit Title: Auto car 1.2 - 'cartitle' SQL Injection / Cross-Site Scripting Date: 2018-05-22 Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://codecanyon.net/item/auto-car-car-listing-script/19221368?srank=1159 Version: 1.2 Tested on: Win 10 POC 1: SQLi: Parameter: cartitle Type:...